The &os; Project $FreeBSD$ 2010 The &os; Documentation Project &tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general; The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system on the &release.branch; development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented. This document contains the release notes for &os; &release.current;. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;. The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook. ]]> All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site. This section describes the most user-visible new or changed features in &os; since &release.prev;. Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. Problems described in the following security advisories have been fixed. For more information, consult the individual advisories available from . Advisory Date Topic SA-09:15.ssl 3 Dec 2009 SSL protocol flaw SA-09:16.rtld 3 Dec 2009 Improper environment sanitization in &man.rtld.1; SA-09:17.freebsd-update 3 Dec 2009 Inappropriate directory permissions in &man.freebsd-update.8; SA-10:01.bind 6 Jan 2010 BIND &man.named.8; cache poisoning with DNSSEC validation SA-10:02.ntpd 6 Jan 2010 ntpd mode 7 denial of service SA-10:03.zfs 6 Jan 2010 ZFS ZIL playback with insecure permissions SA-10:04.jail 27 May 2010 Insufficient environment sanitization in &man.jail.8; SA-10:05.opie 27 May 2010 OPIE off-by-one stack overflow SA-10:06.nfsclient 27 May 2010 Unvalidated input in nfsclient SA-10:07.mbuf 13 July 2010 Lost mbuf flag resulting in data corruption The &man.ddb.4; debugger has been improved: It now supports show ifnets and show ifnet struct ifnet * commands to print a list of ifnet * of each virtual network stack and fields of specified fip, respectively. It now supports show all lltables, show lltable struct lltable *, and show llentry struct llentry * commands to print a list of lltable * of each virtual network stack, fields of specified structures respectively. The show mount command now prints active string mount options. It now supports show vnetrcrs command to dump the whole log of distinctive curvnet recursion events. It now supports show vnet_sysinit and show vnet_unsysinit commands to print ordered call lists. A new kernel thread called deadlock resolver has been added. This can be used to detect possible deadlock by using information of thread state and heuristic analysis. This is not enabled by default. To enable this, an option option DEADLKRES in kernel configuration file and recompilation of the kernel. The default &man.devfs.5; rules now expose the upper 256 of &man.pty.4; device nodes. Two commands to enable/disable read-ahead have been added to &man.fcntl.2; system call: F_READAHEAD specifies the amount for sequential access. The amount is specified in bytes and is rounded up to nearest block size. F_RDAHEAD is a Darwin compatible version that use 128KB as the sequential access size. Note that the read-ahead amount is also limited by sysctl variable vfs.read_max, which may need to be raised in order to better utilize this feature. The &man.lindev.4; driver has been added. This is for supporting various Linux-specific pseudo devices such as /dev/full. Note that this is not included in GENERIC kernel. A POSIX function pselect(3) has been reimplemented as a system call &man.pselect.2; to eliminate race condition. A kernel option option INCLUDE_CONFIG_FILE has been added to GENERIC kernel by default. A bug in the &man.sched.4bsd.4; scheduler that the timestamp for the sleeping operation is not cleaned up on the wakeup has been fixed. A race condition in the &man.sched.4bsd.4; scheduler has been fixed. A bug in the &man.sched.ule.4; scheduler which prevented process usage (%CPU) from working correctly has been fixed. New SDT (Statically Defined Tracing) probes such as ones for opencrypto and vnet have been added to &os; &man.dtrace.1; subsystem. &os; now supports SMP in PowerPC G5 systems. Note that SMP support on &os;/&arch.powerpc; is disabled by default in GENERIC kernel. &os; now supports UltraSPARC IV, IV+, and SPARC64 V CPUs. The &man.syscons.4; driver has been improved. The history buffer can be fully saved/restored in the VESA mode switching via a loader tunable hint.sc.0.vesa_mode. A bug in the &man.tty.4; driver that TIOCSTI did not work has been fixed. This affects applications like &man.mail.1;. An x86 real mode emulator based on OpenBSD's x86emu implementation has been added to improve real mode BIOS call support on both &arch.i386; and &arch.amd64;. The &man.atkbdc.4;, &man.dpms.4;, vesa(4), &man.vga.4; driver now use this emulator and work on the both platforms. The VIMAGE &man.jail.8; virtualization container can work with &man.sctp.4; now. Note that the VIMAGE is not enabled by default in GENERIC kernel. The VIMAGE &man.jail.8; now supports ip4.saddrsel, ip4.nosaddrsel, ip6.saddrsel, and ip6.nosaddrsel to control whether to use source address selection or the primary jail address for unbound outgoing connections. The default value is to use source address selection. The boot2 bootcode has been reimplemented based on the &arch.i386 counterpart. It now supports ELF binary, UFS2 file system, and larger number of slices. The EFI loader program now supports a command-line option -dev currdev to specify the default value of currdev. This option can be set by the EFI boot manager. The &man.loader.8; program now supports U-Boot storage. The algorithm the &man.loader.8; uses has been improved to choose a memory range for its heap when using a range above 1MB. This fixes a symptom that the loader fails to load a kernel. A kernel environment variable vfs.root.mountfrom now supports multiple elements for root file system in a space-separated list. Each list element will be tried in order and the first available one will be mounted. The zfsloader has been added. This is a separate &man.zfs.8; enabled loader. Note that a ZFS bootcode (zfsboot or gptzfsboot) need to be installed to use this new loader. The zfsboot and gptzfsboot bootcode now fully support 64-bit LBAs for disk addresses. This allows booting from large volumes. The adb driver now supports for interpreting taps on ADB touchpads as a button click. The amdsbwd(4) driver for AMD SB600/SB7xx watchdog timer has been added. The apt driver for the Apple Touchpad present on MacBook has been added to GENERIC kernel. The epic(4) driver for the front panel LEDs in Sun Fire V215/V245 has been added. A bug in the &man.ipmi.4; driver that caused incorrect watchdog timer setting has been fixed. The &man.pci.4; driver now supports a JBus to PCIe bridge (called as Fire) found in the Sun Fire V215/V245 and Sun Ultra 25/45 machines. The &man.smu.4; driver now provides thermal management and monitoring features. This allows fan control and thermal monitoring on SMU-based Apple G5 machines, as well as an &man.led.4; interface to control the sleep LED. The &man.tnt4882.4; driver for IEEE-488 (GPIB) bus now supports National Instruments TNT5004 chip. The &man.uart.4; driver now supports NetMos NM9865 family of Serial/Parallel ports. The &man.uep.4; driver for USB onscreen touch panel from eGalax has been added. This driver is supported by x11-drivers/xf86-input-egalax. A bug in the &man.uftdi.4; driver that can allow to send a zero length packet has been fixed. The &man.usb.4; subsystem now reports &man.devd.8; notify events with the device properties instead of attach events. The following is an example entry of &man.devd.conf.5; to match a &man.umass.4; device with a SCSI subclass and BBB protocol: notify 100 { match "system" "USB"; match "subsystem" "INTERFACE"; match "type" "ATTACH"; match "intclass" "0x08"; match "intsubclass" "0x06"; match "intprotocol" "0x50"; action "/path/to/command -flag"; }; The &man.acpi.video.4; driver now supports LCD brightness control notify handler. The &man.acpi.sony.4; helper driver now supports default display brightness, wired LAN power, and bass gain. The &man.agp.4; driver has been improved. It includes a fix for aperture size calculation issue which prevents some graphics cards from working. The &man.snd.hda.4; driver now allows AD1981HD codecs to use playback mixer. The &man.snd.hda.4; driver now supports multichannel (4.0 and 7.1) playback support. The 5.1 mode support is disabled now due to unidentified synchronization problem. Devices which supports the 7.1 mode can handle the 5.1 operation via software upmix done by &man.sound.4;. Note that stereo stream is no longer duplicated to all ports. The &man.ath.4; driver now supports Atheros AR9285-based devices. A bug in the &man.ath.4; driver which causes a problem of AR5416-based chipsets including AR9285 has been fixed. The &man.bge.4; driver now supports BCM5761, BCM5784, and BCM57780-based devices. The &man.bge.4; driver now supports TSO (TCP Segmentation Offloading) on BCM5755 or newer controllers. A long-standing bug in the &man.bge.4; driver which was related to ASF heartbeat sending has been fixed. A long-standing stability issue of the &man.bce.4; and &man.bge.4; driver due to a hardware bug in its DMA handling when the system has more than 4GB memory has been fixed. This applies to BCM5714, BCM5715, and BCM5708 controllers. A bug in the &man.bge.4; driver that incorrectly enabled TSO on BCM5754/BCM5754M controllers has been fixed. A bug in the &man.if.bridge.4; driver has been fixed. The MTU was set based on the firstly-added member even if the addition failed. The &man.if.bridge.4; driver now supports SIOCSIFMTU ioctl. For example, ifconfig bridge0 mtu 1280 can change the MTU of bridge0 to 1280. Changing the MTU is allowed only when all members have the same MTU value. The &man.bwn.4; driver for Broadcom BCM43xx chipsets has been added. The &man.cxgb.4; driver has been updated to T3 firmware 7.8.0. The &man.cxgb.4; driver now supports hardware filtering based on inspection of L2/L3/L4 headers. Filtering based on source IP address, destination IP address, source port number, destination port number, 802.1q VLAN frame tag, UDP, TCP, and MAC address is possible. The configuration can be done by the cxgbtool(8) utility. Note that cxgbtool(8) is in src/usr.sbin/cxgbtool but not compiled by default. The &man.em.4; driver has been updated to version 7.0.5. The et(4) driver now supports MSI and Tx checksum offloading of IPv4, TCP, and UDP. The &man.fxp.4; driver now exports the hardware MAC statistics via sysctl variables. The &man.igb.4; driver has been updated to version 1.9.5. The &man.iwn.4; driver has been updated. This includes various improvements and bugfixes regarding RF switch, bgscan support, suspend/resume support, locking issue, and more. The line device iwnfw in the kernel configuration file will include all firmware images. The &man.ixgbe.4; driver has been updated to version 2.2.0. The &man.msk.4; driver has been improved: It now supports Marvell Yukon 88E8042, 88E8057, 88E8059 (Yukon Optima) devices and DGE-560SX (Yukon XL). A rudimentary interrupt moderation with programmable countdown timer register has been implemented. The default parameter of the holdoff time is 100us and this can be changed via sysctl variable dev.mskc.0.int_holdoff. Note that the interrupt moderation is shared resource on a dual-port controllers and it is impossible to use separate interrupt moderation values for each port. A stability issue has been fixed. A heavy RX traffic while rebooting is in progress could prevent the system from working. The &man.mxge.4; driver has been updated to firmware version 1.4.50 from Myricom. The &man.re.4; driver no longer performs an unnecessary interface up/down during getting IP address via DHCP. The &man.re.4; driver now uses 2048 as PCIe Maximum Read Request Size. This improves bulk transfer performance. The &man.run.4; driver for Ralink RT2700U/RT2800U/RT3000U USB 802.11agn devices has been added. The sge(4) driver for Silicon Integrated Systems SiS190/191 Fast/Gigabit Ethernet has been added. This supports TSO and TSO over VLAN. The &man.ste.4; driver has been improved: The DMA handling has been improved. Wake-On-LAN is now supported. Unnecessary reinitialization of the interfaces has been eliminated. RX interrupt moderation with single shot timer has been implemented. The default parameter of the moderation time is 150us and this can be changed via sysctl variable dev.ste.0.int_rx_mod. Setting it 0 effectively disables the RX interrupt moderation feature. The tsec(4) driver now supports &man.altq.4;. The &man.u3g.4; driver has been improved and now works with ZTE MF636, Option Gi0322, Globetrotter GE40x, and Novatel MC950D. The &man.uhso.4; driver for Option HSDPA USB devices has been added. A new &man.uhsoctl.1; userland utility can be used to initiate and close the WAN connection. The &man.vge.4; driver has been improved: The DMA handling has been improved. Wake-On-LAN is now supported. Unnecessary reinitialization of the interfaces has been eliminated. Hardware MAC statistics are now supported via sysctl variables dev.vge.0.stats. Interrupt moderation with single shot timer and scheme supported by VT61xx controllers have been implemented. The default parameters are tuned to generate interrupt less than 8k per second, and these parameters can be changed via sysctl variables dev.vge.0.int_holdoff, dev.vge.0.rx_coal_pkt, and dev.vge.0.tx_coal_pkt. Note that an up/down cycle is needed to make a parameter change take effect. The &man.urtw.4; driver has been improved and now supports RTL8187B-based devices. The &os; Xen netfront driver has been improved in stability and performance. &os; flowtable now supports IPv6. This is for per-CPU caching flows as a means of accelerating L3 and L2 lookups as well as providing stateful load balancing when ECMP (Equal-Cost Multi-Path routing) is enabled by option RADIX_MPATH. A new capability flag LINKSTATE has been added to struct ifnet.if_capabilities. This indicates if the interface can check the link state or not. The &man.ifconfig.8; utility now shows this flag if supported. A new event handler iflladdr_event has been added. This signals that the L2 address on an interface has changed, and lets stacked interfaces such as &man.vlan.4; detect that their lower interface has changed and adjust things in order to keep working. This fixes an issue of &man.lagg.4; and &man.vlan.4; configuration. IPcomp (IP Payload Compression Protocol defined in RFC 2393) protocol is now enabled by default. Note that this requires option IPSEC in the kernel configuration file and GENERIC kernel does not include it. This functionality can be disabled by using a sysctl variable net.inet.ipcomp.ipcomp_enable. The &man.ipfw.4; subsystem including &man.dummynet.4; has been updated to ipfw3 and various bugs have been fixed: The major enhancement is a completely restructured version of &man.dummynet.4;, with support for different packet scheduling algorithms (loadable at runtime), faster queue/pipe lookup, and a much cleaner internal architecture and kernel/userland ABI which simplifies future extensions. All of O(N) sequences in the firewall rule evaluation removed from the kernel critical sections. The worst case is now O(log N). It now supports ipfw0 pseudo interface for logging similar to &man.pflog.4;. A sysctl net.inet.ip.fw.verbose=0 enables logging to ipfw0, and net.inet.ip.fw.verbose=1 sends logging to &man.syslog.3; as before. The me keyword in the &man.ipfw.4; rule now matches any IPv6 addresses configured on an interface as well as IPv4 ones. A bug that keep-alive rule did not work for IPv6 packets has been fixed. The lookup match option has been added. lookup {dst-ip|src-ip|dst-port|src-port|uid|jail} N This searches the specified field in table N and sets tablearg accordingly. With dst-ip or src-ip the option replicates two existing options. When used with other arguments, the option can be useful to quickly dispatch traffic based on other fields. A bug in the &man.sysctl.8; variable ip.fw.one_pass handling has been fixed. A packet which comes from a pipe without being delayed incorrectly ignored this variable. A memory alignment issue in the &man.ng.ksocket.4; and &man.ng.ppp.4;, Netgraph node drivers have been fixed. This fixes kernel panics due to the misalignment. The &man.ng.bridge.4; and &man.ng.hub.4; Netgraph node drivers now supports a flag persistent. It disables automatic node shutdown when the last hook gets disconnected. The new control messages NGM_BRIDGE_SET_PERSISTENT and NGM_HUB_SET_PERSISTENT have been added for the flag. The &man.pf.4; subsystem now supports sloppy keyword to enable a TCP state machine for tracking TCP connections with no sequence number check. This feature is in the latest version of pf. The &man.pfil.9; framework for packet filtering in &os; kernel now supports separate packet filtering instances like &man.ipfw.4; for each VIMAGE jail. A bug that proxy ARP entries cannot be added over point-to-point link types has been fixed. The &man.tap.4; pseudo interface now reports the link state properly by updating if_link_state variable in the kernel. The &man.vlan.4; pseudo interface has been added to GENERIC kernel. The &man.vlan.4; pseudo interface now supports TSO (TCP Segmentation Offloading). The capability flag is named as IFCAP_VLAN_HWTSO and it is separated from IFCAP_VLAN_HWTAGGING. The &man.age.4;, &man.alc.4;, &man.ale.4;, &man.bce.4;, &man.bge.4;, &man.cxgb.4;, &man.jme.4;, &man.re.4;, and &man.mxge.4; driver support this feature. The &man.vlan.4; pseudo interface for IEEE 802.1Q VLAN now ignore renaming of the parent's interface name. The configured VLAN interfaces continue to work with the new name while previously the configurations were removed as the renaming happens. The &man.ada.4; driver now supports BIO_DELETE. For SSDs this uses TRIM feature of DATA SET MANAGEMENT command, as defined by ACS-2 specification working draft. For Compact Flash use CFA ERASE command, same as &man.ad.4; does. This change realizes restoring write speed of SSDs which supports TRIM command by doing newfs -E /dev/ada1, for example. The &man.ahci.4; driver now supports SATA part of Marvell 88SE912x controllers. The &man.ahci.4; driver now supports FIS-based (Frame Information Structure) switching of port multiplier on supported controllers. The &man.ahd.4; driver now supports three separated error counters for correctable, uncorrectable, and fatal, in &man.sysctl.8; MIB. A new kernel option option ATA_CAM has been added. This turns &man.ata.4; controller drivers into &man.cam.4; interface modules. When enabled, this option deprecates all &man.ata.4; peripheral drivers and interfaces such as ad and acd, and allows &man.cam.4; drivers ada, and cd and interfaces to be natively used instead. Note that this is not enabled by default in the GENERIC kernel. A bug in the &man.ata.4; driver which can lead to interrupt storms and command timeouts has been fixed. USB mass storage device support in the &man.ata.4; driver has been removed. Note that this was not used in GENERIC kernel and the &man.umass.4; driver supports such devices for a long time. &os; &man.cam.3; SCSI framework has been improved: SATA and PATA support has been improved and it now recognizes more detail device capabilities. For example, the &man.ahci.4; and &man.siis.4; driver now reports maximum tag number to the framework to optimize the NCQ handling. A loader tunable kern.cam.boot_delay has been added. This controls the delay time before &man.cam.3; probes the attached devices. SCSI error recovery for devices on buses without automatic sense reporting has been improved. Typical devices are on ATAPI and USB. For example, this allows &man.cam.3; to wait, while CD drive loads disk, instead of immediately return error status. The &man.cam.4; ATA transport layer now supports Power-Up In Stand-by (PUIS). The PUIS is a configuration of SATA or PATA drives to prevent them from automatic spin-up when power is applied. A typical application is staggered spin-up. The &man.cam.4; ATA transport layer now supports negotiating and enabling additional SATA features such as device initiated power management, Automatic Partial to Slumber mode transition, and DMA auto-activation. A livelock issue of the &man.ciss.4; driver under a high load has been fixed. A bug in the &man.fdc.4; driver which prevents the kernel module from unloading has been fixed. The &man.glabel.8; now supports the following sysctl variables for each label type to enable the labeling itself: kern.geom.label.ext2fs.enable kern.geom.label.iso9660.enable kern.geom.label.msdosfs.enable kern.geom.label.ntfs.enable kern.geom.label.reiserfs.enable kern.geom.label.ufs.enable kern.geom.label.ufsid.enable kern.geom.label.gptid.enable kern.geom.label.gpt.enable Note that all of them are also loader tunables. They are enabled (set as 1) by default. &man.geom.8; providers including complex ones such as &man.gconcat.8;, &man.gmirror.8;, &man.graid3.8, &man.gstripe.8;, and some hardware RAID device drivers like &man.twa.4; now inform its optimal access block size to the upper layer. The &man.gmirror.8; utility now supports configure -p priority command to change the providers priority. The balancing mode algorithm load used in the &man.gmirror.8; utility has been changed and it is now the default one instead of split: Instead of measuring last request execution time for each drive and choosing one with smallest time, use averaged number of requests, running on each drive. This information is more accurate and timely. It allows to distribute load between drives in more even and predictable way. For each drive track offset of the last submitted request. If new request offset matches previous one or close for some drive, prefer that drive. It allows to significantly speedup simultaneous sequential reads. The &man.gmultipath.8; utility now supports destroy, rotate, getactive commands. A bug in the &man.graid3.8; which causes a panic when a large request arrives has been fixed. This happens when MAXPHYS is set as larger than 128k. The default block size of &man.gstripe.8; has been increased from 4k to 64k. The GEOM_SCHED module has been added. This supports scheduling disk I/O requests in a device independent manner. A supported algorithm is an anticipatory scheduler gsched_rr which gives very nice performance improvements in presence of competing random access patterns. See also &man.gsched.8; manual page for more details. The HAST (Highly Available STorage) framework has been added: This is a framework to allow transparently storing data on two physically separated machines connected over the TCP/IP network. HAST works in Primary-Secondary (Master-Backup, Master-Slave) configuration, which means that only one of the cluster nodes can be active at any given time. Only Primary node is able to handle I/O requests to HAST-managed devices. Currently HAST is limited to two cluster nodes in total. This operates on block level; it provides disk-like devices in /dev/hast/ directory for use by file systems and/or applications. Working on block level makes it transparent for file systems and applications. There in no difference between using HAST-provided device and raw disk, partition, etc. All of them are just regular &man.geom.8; providers in &os;. The userland part consists of &man.hastd.8;, &man.hastctl.8;, and &man.hast.conf.5;. More details can be found at . The &man.isp.4; driver has been improved in stability. The &man.mvs.4; CAM ATA driver for Marvell 88SX50XX/88SX60XX/88SX70XX/SoC SATA controllers has been added. This driver supports same hardware as the &man.ata.4; driver does, but provides many additional features, such as NCQ and PMP. The &man.siis.4; driver now enables MSI by default on SiI3124-based devices. This can be disabled by using a hint.siis.0.msi loader tunable. The Max Read Request Size in the &man.siis.4; driver for PCIe chips has been increased from 512 to 1024 bytes for better performance. The &man.twa.4; driver has been updated to the latest version from LSI. The &man.msdosfs.5; subsystem is now MP-safe and a race condition when a force unmount happens has been fixed. &os; NFS subsystem now supports a timeout for the negative name cache entries in the client. This avoids a bogus negative name cache entry from persisting forever when another client creates an entry with the same name within the same NFS server time of day clock tick. The mount option negnametimeo can be used to override the default timeout interval (60 seconds) on a per-mount-point basis. a Setting negnametimeo to 0 disables negative name caching for the mount point. A race condition in &os; NFS subsystem that occurs when &man.nfsiod.8; threads are being created has been fixed. This also fixes an interoperability issue found in combination of a &os; NFS client and a Linux NFS server. The inode number handling in &man.ffs.7; file system is now unsigned. Previously some large inode numbers can be treated as negative, and this issue shows up at file systems with the size of more than 16Tb in 16k block case. The &man.newfs.8; utility never create a file system with more than 2^32 inodes by cutting back on the number of inodes per cylinder group if necessary to stay under the limit. The UFS file system (&man.ffs.7;) now supports NFSv4 ACL. &os; &man.VFS.9; subsystem now supports a new sysctl variable vfs.vlru_allow_cache_src. This allow vnlru kernel thread to reclaim of the directory vnodes that are source of the namecache records. This is not enabled by default because for typical workload it would make namecache unusable, but large nested directory tree easily puts any process that accesses file system into one second wait for vnlru kernel thread. The ZFS file system has been improved: It now supports NFSv4 ACL. The L2ARC code has been improved in stability and performance. The zpool version has been updated to version 14. It is now possible to use zpools created on OpenSolaris 2009.06. A sysctl variable vfs.zfs.txg.write_limit_override has been added. This can be used for tuning of ZFS write throttling. ZFS prefetch statistics has been added as a sysctl variable kstat.zfs.misc.zfetchstats. The &man.zfs.8; zpool export command now supports -F flag. When exporting with this flag, zpool.cache remains untouched. A data corruption issue of zfs send/receive between two different platforms has been fixed. Symbolic links could be broken in the previous releases. A possible deadlock of zfs receive has been fixed. Possible panics of zfs destroy and zfs rollback have been fixed. A occasional failure of zfs rename due to a busy state has been fixed. Bugs that zfs snapshot -r fails when the file system is busy, and zfs receive can fail with an E2BIG error, have been fixed. A bug in &man.bsnmpd.1; program which leads to high CPU consumption on a loaded system has been fixed. A bug in &man.bzip2.1; utility which prevented it from working with multi-session bzip2 files has been fixed. The &man.camcontrol.8; utility now supports a -v flag in the subcommand identify. It displays whole of identify data block. The &man.camcontrol.8; utility now supports -d and -f flags in the subcommand cmd. They specify DMA protocol or FPDMA (NCQ) protocol to be used for ATA command, respectively. The &man.chgrp.1; and &man.chown.8; now support a -x flag to make it not traverse across multiple mount points for the recursive operation. The &man.cp.1; now supports a -x flag to make it not traverse across multiple mount points for the recursive operation. The &man.cp.1;, &man.find.1;, &man.getfacl.1;, &man.mv.1;, and &man.setfacl.1; utilities now support NFSv4 ACL. The &man.diskinfo.8; now supports reporting disk stripe size and offset. This helps users to make file systems optimally aligned and tuned for better performance. A bug in &man.ee.1; utility which can crash the program has been fixed. A bug in &man.factor.6; utility which leads to performance degradation has been fixed. The &man.fetch.1; utility now supports HTTP digest authentication. A bug in &man.fetch.1; utility which incorrectly evaluates a variable NO_PROXY has been fixed. A bug in &man.find.1; utility has been fixed. An option -newerXB was interpreted as the same as -newerXm. A bug in the &man.fnmatch.3; function has been fixed. The flag FNM_PERIOD did not work correctly when * characters were included in the string and FNM_PATHNAME was specified. A bug in the &man.fsck.ffs.8; utility which causes the last cylinder group of a UFS1 file system is always reported as broken even after it is fixed. The &man.gcore.1; utility now recognizes threads in the process and handles dumps on a thread scope. The &man.ifconfig.8; utility now supports manipulation of NDP flags handled by &man.ndp.8;. The &man.ifconfig.8; utility now supports a description value command to add a description value to the specified interface. The &man.indent.1; utility now supports a -ta flag to treat all _t-suffixed identifiers as types. The liblzma library for LZMA2 lossless data compression algorithm and the userland utilities &man.xz.1;, &man.xzdec.1;, &man.lzma.1;, and &man.lzmainfo.1;. has been imported. When the old system is upgraded to &release.current;, deinstalling a version found in the Ports Collection (archivers/xz) and recompilation of the packages which depend on it may be required. The libz library has been improved in performance. For &os/&arch.i386;, note that this improvement uses instructions only on i686-class CPU and they are disabled by default. Specifying CPUTYPE=pentium4 in /etc/make.conf enables them. The &man.ln.1; utility now reports an error correctly when a -f flag and two same file entries were specified in the command line option. It removed the file first and then reported a not found error. The &man.ln.1; utility now removes trailing slash characters when creating a link to a directory. The following command sequence reported an error in the previous releases: &prompt.user; mkdir test1 test2 &prompt.user; ln -s ../test2/ test1 The &man.mount.nfs.8; utility now supports [ipaddr]:path notation in addition to the existing one. This allows IPv6 address in the address field, and a path including : to be mounted. A bug in the &man.netstat.1; utility that prevents netstat -f netgraph from working has been fixed. The &man.netstat.1; utility now supports ARP information in statistics shown by the -s flag. The &man.netstat.1; utility now supports a -q number option to specify the number of outputs. This is used in conjunction with -w option. The &man.newfs.msdos.8; utility now uses NO_NAME as the default volume label and BSD4.4 as the OEM String. The &man.newsyslog.8; utility does not consider non-existence of a PID file as an error now. A new flag -P reverts it to the old behavior. The &man.ntpd.8; program no longer tries to bind to an IPv6 anycast address. The &man.pam.krb5.8; PAM module now supports no_user_check option. This allows to authorize a user not known to the local system. The &man.pathchk.1; utility now supports a -P flag defined in POSIX-1.2008. This checks for empty pathnames and components starting with -. A variable daily_clean_tmps_ignore which is used in the &man.periodic.8; daily script now has /tmp/.snap. This prevents /tmp/.snap from being removed. The &man.procstat.1; utility now supports two new flags -i and -j to display information about signal disposition and pending/blocked status for signals. The &man.pwait.1; utility has been added. This is similar to the Solaris utility of the same name, and waits for any process to terminate. A bug in the &man.restore.8; utility which caused short reads when a option -P was used has been fixed. The &man.rtsold.8; -a flag now excludes the interfaces which IPv6 or accepting ICMPv6 Router Advertisement message is disabled from the auto-probed interface list. The &man.scandir.3; and &man.alphasort.3; functions has been updated to conform POSIX.1-2008 (IEEE Std 1003.1-2008). The &man.sed.1; utility now supports a -r flag which means exactly the same as a -E flag. This is for compatibility with the GNU version. The service name database &man.services.5; (usually in /etc/services) now also supports a &man.db.3; style database for better lookup performance. The following entry in /etc/nsswitch.conf enables use of the binary database file: services: db Note that the &man.db.3; style database can be created by &man.services.mkdb.8; at /var/db/service.db. The &man.sighold.2;, &man.sigignore.2;, &man.sigpause.2;, &man.sigrelse.2;, and &man.sigset.2; functions have been implemented for making porting software from System V-like systems easy. Note that these are defined in POSIX.1-2008 XSI (IEEE Std 1003.1-2008, X/Open System Interface) but now obsolete. Since &os; already has another sigpause(3) function derived from 4.2BSD, a version of the XSI interface is implemented as xsi_sigpause(). The &man.sshd.8;, &man.cron.8;, &man.inetd.8;, and &man.syslogd.8; programs now set MADV_PROTECT memory flag onto themselves to protect from being terminated by the &os; kernel when available memory becomes short. This kind of process termination happens in a swap-intensive workload. The &man.stat.1; utility now supports %Sf output specifier to display the file flags symbolically. The &man.strsignal.3; function is now thread-safe. The &man.sysctl.8; utility now supports a -i flag to ignore failures while retrieving individual OIDs. This allows the same list of OIDs to be passed to &man.sysctl.8; across different systems where particular OIDs may not exist, and still get as much information as possible from them. The &man.traceroute.8; utility now performs source address selection correctly even in a VIMAGE &man.jail.8; environment. The &man.unifdef.1; utility has been updated to version 1.188. It now supports a new -B flag to compress blank lines around a deleted section to prevent blank lines around paragraphs of code from getting doubled. The &man.unzip.1; utility now supports the rename query when a file with the same name as the one about to be extracted already exists. The &man.unzip.1; utility now supports -C, -c, -f, -p, and -v flags which are compatible with Info-ZIP. The &man.usbconfig.8; utility now supports a new flag -d to specify the &man.ugen.4; device, and add_quirk and remove_quirk commands. The &man.whois.1; utility now supports searching IPv6 addresses just like IPv4 without specifying the ARIN server. A -d flag has been removed because it is now obsolete. A new errno ENOTCAPABLE has been added. This is to be returned when a process requests an operation on a file descriptor that is not authorized by the descriptor's capability flags. The &man.zfs.8; command now supports a new flag receive -u to specify that the received ZFS should not be mounted automatically. The &man.service.8; command has been added. This provides an easy command-line interface to the rc.d system. The rc.d/ipfw script and /etc/rc.firewall now supports IPv6 and rc.d/ip6fw script and /etc/rc.firewall6 are obsolete. Note that ipv6_firewall_* variables in &man.rc.conf.5; are replaced with firewall_client_net_ipv6, firewall_simple_iif_ipv6, firewall_simple_inet_ipv6, firewall_simple_oif_ipv6, firewall_simple_onet_ipv6. A new rc.d script rc.d/rtsold has been added. This handles &man.rtsold.8; daemon. A new rc.d script rc.d/static_arp has been added. This allows the administrator to statically define mappings of MAC address to IPv4 at boot time. See also the &man.rc.conf.5; manual page for more details. The rc.d/tmp script now uses a unique directory name prefixed with /tmp/.diskless instead of /tmp/.diskless itself. This fixes an issue when /tmp/.diskless exists before the script runs. A new rc.d script rc.d/ubthidhci has been added. This small script calls &man.usbconfig.8; to change a USB Bluetooth controller from HID mode to HCI mode. The &man.rc.conf.5; now supports a firewall_coscripts variable. This should contain a list of commands which should be executed after firewall starts or stops. The &man.rc.conf.5; now supports configuring &man.vlan.4; interfaces as child devices similar to &man.wlan.4; interfaces. &man.vlan.4; interfaces are listed via a new vlans_IF variable. If a VLAN interface is a number, then that number is treated as the VLAN tag for the interface and the interface will be named IF.tag. Otherwise, the VLAN tag must be provided via a VLAN parameter in a create_args_IF variable. The ACPI-CA has been updated to 20100304. The awk has been updated from the 23 October 2007 release to the 26 November 2009 release. ISC BIND has been updated to version 9.6.2-P2. netcat has been updated to version 4.7. OpenSSH has been updated from version 5.1p1 to version 5.4p1. OpenSSL has been updated to version 0.9.8n. sendmail has been updated to version 8.14.4. The timezone database has been updated to the tzdata2010j release. The filename of ISO images for &os; releases now has a FreeBSD- at the beginning. The supported version of the GNOME desktop environment (x11/gnome2) has been updated to 2.28.2. The supported version of the KDE desktop environment (x11/kde4) has been updated to 4.4.3. Upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the &man.freebsd-update.8; utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernel distributed as a part of an official &os; release. The &man.freebsd-update.8; utility requires that the host being upgraded has Internet connectivity. An older form of binary upgrade is supported through the Upgrade option from the main &man.sysinstall.8; menu on CDROM distribution media. This type of binary upgrade may be useful on non-&arch.i386;, non-&arch.amd64; machines or on systems with no Internet connectivity. Source-based upgrades (those based on recompiling the &os; base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING. Upgrading &os; should, of course, only be attempted after backing up all data and configuration files.