The &os; Project $FreeBSD$ 2011 The &os; Documentation Project &tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general; The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system on the &release.branch; development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented. This document contains the release notes for &os; &release.current;. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;. The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook. ]]> All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site. This section describes the most user-visible new or changed features in &os; since &release.prev;. Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. Problems described in the following security advisories have been fixed. For more information, consult the individual advisories available from . Advisory Date Topic SA-10:08.bzip2 20 September 2010 Integer overflow in bzip2 decompression SA-10:10.openssl 29 November 2010 OpenSSL multiple vulnerabilities The maximum number of pages used for DMA bounce buffer pool has been increased from 256 to 1024. The default value of kern.hz has been increased from 100 to 1000. The SMP kernel now works on MPC7400-based Apple desktop machines such as PowerMac3,3. &os;/powerpc now supports DMA bounce buffer which is required on systems with larger RAM than 4GB. The &man.ddb.8; kernel debugger now supports an optional delay in reset and reboot commands. This allows an administrator to break the system into debugger and trigger automatic textdump when an unattended panic occurs. The &man.ddb.8; kernel debugger now supports a show cdev command. This displays the list of all created cdev's, consisting of devfs node name and struct cdev address. The &os; &man.memguard.9; framework has been improved to make it able to detect use-after-free of allocated memories over a longer time. For more details, see &man.memguard.9; manual page. The &man.aibs.4; driver has been added. This supports the hardware sensors in ASUS motherboards and replaces the &man.acpi.aiboost.4; driver. The &man.coretemp.4; driver now supports Xeon 5500/5600 series. The &man.ichwd.4; driver now supports Intel NM10 Express chipset watchdog timer. The &os; Linux emulation subsystem now supports video4linux API. This requires native video4linux hardware drivers such as ones whichmultimedia/pwc and multimedia/webcamd provide. The &man.alc.4; driver now supports Atheros AR8151/AR8152 PCIe Gigabit/Fast Ethernet controllers. The TX interrupt moderation timer in the &man.alc.4; driver has been reduced from 50ms to 1ms. The 50ms timer resulted in a poor UDP performance. A bug in the &man.bge.4; driver which prevents TSO in BCM57780 from working has been fixed. The &man.bce.4; driver now supports flow control. The &man.bwi.4; driver, which supports Broadcom BCM430* and BCM431* family Wireless Ethernet controllers, has been added. This is not compiled into the GENERIC kernel because there are some problems. The kernel module if_bwi.ko is available and can be loaded without recompiling the kernel to enable this driver. A bug in the &man.bwn.4; driver which prevents WPA authentication from working has been fixed. The &man.cxgb.4; driver now supports the following new &man.sysctl.8; variables: hw.cxgb.nfilters sets the maximum number of entries in the hardware filter table, dev.cxgbc.N.pkt_timestamp provides packet timestamp instead of connection hash, and dev.cxgbc.N.core_clock provides the core clock frequency in kHz. The &man.em.4; driver has been updated to version 7.1.9. The &man.igb.4; driver has been updated to version 2.0.7. The &man.em.4; and &man.igb.4; drivers now provide statistics counters as &man.sysctl.8; MIB objects. The &man.em.4; and &man.igb.4; drivers now support &man.led.4; interface via /dev/led/emN and /dev/led/igbN for identification LED control. The following command line makes the LED blink on em0: &prompt.root; echo f2 > /dev/led/em0 The &man.ixgbe.4; driver is now also provided as a kernel module. The &man.epair.4; virtual Ethernet interface driver now supports explicit UP/DOWN linkstate. This fixes an issue when it is used with the &man.carp.4; protocol. The &man.iwn.4; driver now supports Intel Wireless WiFi Link 6000 series. The firmware has been updated to version 9.221.4.1. The &man.ixgbe.4; driver has been updated to version 2.2.1. It now supports 82599, better interrupt handling, hardware assist to LRO, and so on. The &man.mwlfw.4; driver is now also provided as a kernel module. The &man.rl.4; driver now supports WOL (Wake On Lan) on RTL8139B or newer controllers. The &man.rl.4; driver now supports a device hint to change a way of register access. Although some newer RTL8139 controllers support memory-mapped register access, it is difficult to detect the support automatically. For this reason the driver uses I/O mapping by default and provides the following device hint. If it is set to 0, the driver uses memory mapping for register access. hint.rl.N.prefer_iomap="0" Note that the default value is 1. Some stability issues in the &man.sis.4; driver have been fixed. The &man.ste.4; driver now supports a device hint to change a way of register access. Although it uses memory-mapped register access by default, some old IC Plus Corp (formerly Sundace) controllers are found unstable. The following device hint makes the driver use I/O mapping for register access: hint.ste.N.prefer_iomap="1" The &man.sk.4; driver now disable TX checksum offloading by default. This is because some revision of Yukon controller generates corrupted frames. The checksum offloading can be enabled manually by using txcsum option in the &man.ifconfig.8; utility. The &man.altq.4; support is now provided as a kernel module alq.ko. IPsec flow distribution has been improved for more parallel processing. A bug in &os; IPv4 stack that a proxy ARP entry cannot be added over &man.netgraph.4; interfaces has been fixed. A bug in &os; IPv6 stack which prevents an -I in the &man.ping6.8; utility from working with net.inet6.ip6.use_defaultzone=1 has been fixed. A new &man.netgraph.4; node &man.ng.patch.4; has been added. This performs data modification of packets passing through. Modifications are restricted to a subset of C language operations on unsigned integers of 8, 16, 32 or 64-bit size. The &man.ng.ether.4; &man.netgraph.4; node now supports interface transfer between multiple virtual network stacks by &man.ifconfig.8; vnet command. A &man.ng.ether.4; node associated with an network interface is now destroyed and recreated when the network interface is moved to another vnet. A TCP bandwidth delay product window limiting algorithm by a &man.sysctl.8; variable net.inet.tcp.inflight.enable is now disabled by default. It has been found that this algorithm is inefficient on a fast network with smaller RTT than 10ms. It had been enabled by default since 5.2-RELEASE, and then had been disabled only if the RTT was lesser than 10ms since 7.0-RELEASE. Pluggable TCP congestion control algorithm modules are planned to be added for the future releases. A bug in &os; TCP Path MTU discovery which can lead to a wrong calculation for a smaller MTU than 256 octets has been fixed. Note that this bug does not affect when MTU is equal to or larger than 256 octets. The TCP initial window increase in RFC 3390 which can be controlled by a &man.sysctl.8; variable net.inet.tcp.rfc3390 now reduces the congestion window to the restart window if a TCP connection has been idle for one retransmit timeout or more. For more details, see RFC 5681 Section 4.1. &os; virtual network stack (vnet) now supports IPv4 multicast routing. The &man.ahci.4; driver now disables NCQ and PMP support on VIA VT8251 because they are unreliable under load. The &man.arcmsr.4; driver has been updated to version 1.20.00.17. The &man.ata.4; driver now supports limiting initial ATA mode for devices via device hints hint.devname.unit.devN.mode or hint.devname.unit.mode. The valid values are the same as ones supported in the &man.atacontrol.8; and &man.camcontrol.8;. The &man.ata.4; driver now enables cable status check on both of controller and device side when hw.ata.ata_dma_check_80pin is enabled. The &man.mpt.4; driver now supports larger I/O sizes which the device and &man.CAM.4; subsystem can support. This was limited to 64KB, and the number of scatter/gather segments was limited to 33 on platforms with 4K pages. The &man.twa.4; driver has been updated. The version number is 3.80.06.003. The ZFS on-disk format has been updated to version 15. The ZFS metaslab code has been updated. This provides a noticeable improvement on write speed, especially on pools with less than 30% of free space. The related OpenSolaris Bug IDs are 6826241, 6869229, 6918420, and 6917066. The default value of vfs.zfs.vdev.max_pending has been decreased from 35 to 10 (OpenSolaris Bug ID is 6891731) to improve latency. Bugs in the ZFS subsystem has been fixed. The OpenSolaris Bug IDs are: 6798878, 6809683, 6794570, 6844069, 6788152, 6843235, 6857012, 6870564, 6836714, 6836714, 6870564, 6857012, 6843235, 6788152, 6844069, 6794570, 6809683, 6798878, 6950219, 6953403, 6951024, 6809340, 6755435, 6748436, 6740164, 6769612, 6757430, 6542860, 6761100, 6774886, 6737463, 6765294, 6572357, 6572376, 6328632, 6739487, 6767129, 6747698, 6745863, 6722540, 6759999, 6758107, 6776548, 6761406, 6770866, 6674216, 6621164, 6635482, 6595194, 6722991, 6396518, 6713916, 6739553, 6784104, 6784108, 6788830, 6791064, 6791066, 6791071, 6792134, 6792884, 6798384, 6551866, 6504953, 6702206, 6780491, 6747596, 6801507, 6633095, 6775697, 6790687, 6791101, 6800942, 6582163, 6804954, 6800184, 6803822, 6789318, 6790345, 6797109, 6797118, 6803343, 6815893, 6809691, 6790064, 6604992, 6810367, 6807765, 6821169, 6821170, 6824006, 6792139, 6794830, 6824062, 6816124, 6818183, 6710376, 6501037, 6827260, 6815592, 6759986, 6774713, 6717022, 6799895, 6826466, 6826468, 6826469, 6826470, 6826471, 6826472, 6833711, 6764124, 6830237, 6833162, 6824968, 6834217, 6596237, 6623978, 6801810, 6586537, 6836768, 6838062, 6794136, 6776104, 6664765, 6841321, 6843069, 6847229, 6838344, 6844900, 6857012, 6848242, 6856634, 6861983, 6862984, 6696858, 6696858, 6882227, 6880764, 6793430, 6822816, 6892298, 6807339, 6906110, 6906946, 6898245, and 6833999. The &man.arp.8; utility has been improved. It now runs faster even when a single interface has a number of aliases. The &man.calendar.1; utility now supports repeating events which span multiple years, lunar events, and solar events. The &man.dhclient.8; utility now reports a reason for exiting and the 10-second period in which the &man.dhclient.8; ignores routing messages has been changed to start just after dhclient-script starts instead of just after it finished. This change fixes a symptom that &man.dhclient.8; silently exits under a certain condition. The &man.du.1; utility now supports a -t threshold option to display entries that exceeds the value of threshold. If the value is negative, it displays entries with a value less than the absolute value of threshold. The &man.gcore.1; utility now supports an -f flag which forces a full dump of all the segments except for the malformed ones. The gethost*(), getnet*(), and getproto*() functions now set the errno to ERANGE and the NSS backend terminates with NS_RETURN when the result buffer size is too small. The &man.gpart.8; utility now supports resize command to resize partitions for all schemes but EBR. The &man.ifconfig.8; utility now check an invalid CIDR subnet notation more strictly. It wrongly accepted 10.0.0.1/10.0.0.1 as 10.0.0.1/10. Incorrect behaviors in stuttering sequences and reverse ranges in the &man.jot.1; utility have been fixed. The &man.newsyslog.8; utility now supports an -S pidfile option to override the default &man.syslogd.8; PID file. The &man.pkill.1; utility now supports an -l option which the &man.kill.1; utility does. The &man.pmcstat.8; utility now supports a file and a network socket as a top source. A new option -O filename specifies to send log output to filename, and another new option -R filename specifies to receive events from filename. For a socket, the filename is in a form of ipaddr:port. This allows top monitoring over TCP on a system with no local symbols, for example. The &man.pom.6; utility now supports a -p flag to print only the percentage. The &man.powerd.8; utility now supports an -m freq and -M freq to control the minimum and maximum frequency, respectively. A bug in the &man.sh.1; program has been fixed. A SIGINT signal is now passed through from a child process if the shell is interactive and the job control is enabled. For example, aborting &man.sleep.1; command by Ctrl-C no longer display ok in the following command line: &prompt.user; sleep 5; echo ok The &man.sh.1; program now supports a bg command consisting solely of redirections. For example: &prompt.user; < /dev/null & The &man.sleep.1; utility now supports SIGINFO signal and reports the specified sleep time and the remaining time. The &man.uname.1; utility now supports an -o flag as a synonym for the -s flag for compatibility with other systems. Bugs in &man.vi.1; utility have been fixed. They include handling of ^@ and ^C in insert mode when reading an ex command. The set sharenfs command in the &man.zfs.8; utility now supports sec option. A periodic script for zfs scrub has been added. For more details, see &man.periodic.conf.5; manual page. The timezone database has been updated to the tzdata2010l release. The &man.sysinstall.8; utility now uses the following numbers for default and minimum partition sizes: 1GB for /, 4GB for /var, and 1GB for /tmp. The &man.sysinstall.8; utility now attempts to enable &man.getty.8; on a serial port when no VGA card on the system. The supported version of the GNOME desktop environment (x11/gnome2) has been updated to 2.32.1. The supported version of the KDE desktop environment (x11/kde4) has been updated to 4.5.5. Upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the &man.freebsd-update.8; utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernel distributed as a part of an official &os; release. The &man.freebsd-update.8; utility requires that the host being upgraded has Internet connectivity. An older form of binary upgrade is supported through the Upgrade option from the main &man.sysinstall.8; menu on CDROM distribution media. This type of binary upgrade may be useful on non-&arch.i386;, non-&arch.amd64; machines or on systems with no Internet connectivity. Source-based upgrades (those based on recompiling the &os; base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING. Upgrading &os; should, of course, only be attempted after backing up all data and configuration files.