<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
<!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
<title>&os; &release.current; Release Notes</title>
<corpauthor>The &os; Project</corpauthor>
<pubdate>$FreeBSD$</pubdate>
<holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
<legalnotice id="trademarks" role="trademarks">
<para>The release notes for &os; &release.current; contain a summary
of the changes made to the &os; base system on the
&release.branch; development line.
This document lists applicable security advisories that were issued since
the last release, as well as significant changes to the &os;
Some brief remarks on upgrading are also presented.</para>
<title>Introduction</title>
<para>This document contains the release notes for &os;
describes recently added, changed, or deleted features of &os;.
It also provides some notes on upgrading
from previous versions of &os;.</para>
<para>This distribution of &os; &release.current; is a
&release.type; distribution. It can be found at <ulink
url="&release.url;"></ulink> or any of its mirrors. More
information on obtaining this (or other) &release.type;
distributions of &os; can be found in the <ulink
url="&url.books.handbook;/mirrors.html"><quote>Obtaining
&os;</quote> appendix</ulink> to the <ulink
url="&url.books.handbook;/">&os;
Handbook</ulink>.</para>
<para>All users are encouraged to consult the release errata before
installing &os;. The errata document is updated with
<quote>late-breaking</quote> information discovered late in the
release cycle or after the release. Typically, it contains
information on known bugs, security advisories, and corrections to
documentation. An up-to-date copy of the errata for &os;
&release.current; can be found on the &os; Web site.</para>
<title>What's New</title>
<para>This section describes
the most user-visible new or changed features in &os;
since &release.prev;.</para>
<para>Typical release note items
document recent security advisories issued after
new drivers or hardware support, new commands or options,
major bug fixes, or contributed software upgrades. They may also
list changes to major ports/packages or release engineering
practices. Clearly the release notes cannot list every single
change made to &os; between releases; this document focuses
primarily on security advisories, user-visible changes, and major
architectural improvements.</para>
<title>Security Advisories</title>
<para>Problems described in the following security advisories have
been fixed. For more information, consult the individual
advisories available from
<ulink url="http://security.FreeBSD.org/"></ulink>.</para>
<informaltable frame="none" pgwide="1">
<colspec colwidth="1*">
<colspec colwidth="1*">
<colspec colwidth="3*">
<entry>Advisory</entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:01.mountd.asc"
>SA-11:01.mountd</ulink></entry>
<entry>20 April 2011</entry>
<entry><para>Network ACL mishandling in &man.mountd.8;</para></entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:02.bind.asc"
>SA-11:02.bind</ulink></entry>
<entry>28 May 2011</entry>
<entry><para>BIND remote DoS with large RRSIG RRsets and negative
caching</para></entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:04.compress.asc"
>SA-11:04.compress</ulink></entry>
<entry>28 September 2011</entry>
<entry><para>Errors handling corrupt compress file in
&man.compress.1; and &man.gzip.1;</para></entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc"
>SA-11:05.unix</ulink></entry>
<entry>28 September 2011</entry>
<entry><para>Buffer overflow in handling of UNIX socket
addresses</para></entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:06.bind.asc"
>SA-11:06.bind</ulink></entry>
<entry>23 December 2011</entry>
<entry><para>Remote packet Denial of Service against &man.named.8;
servers</para></entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:07.chroot.asc"
>SA-11:07.chroot</ulink></entry>
<entry>23 December 2011</entry>
<entry><para>Code execution via chrooted ftpd</para></entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc"
>SA-11:08.telnetd</ulink></entry>
<entry>23 December 2011</entry>
<entry><para>telnetd code execution vulnerability</para></entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:09.pam_ssh.asc"
>SA-11:09.pam_ssh</ulink></entry>
<entry>23 December 2011</entry>
<entry><para>pam_ssh improperly grants access when user account has
unencrypted SSH private keys</para></entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:10.pam.asc"
>SA-11:10.pam</ulink></entry>
<entry>23 December 2011</entry>
<entry><para><function>pam_start()</function> does not validate
service names</para></entry>
<title>Kernel Changes</title>
<para revision="219129">The &os; kernel now supports Capsicum
Capability Mode. Capsicum is a set of features for sandboxing
support, using a capability model in which the capabilities
are file descriptors. Two new kernel options,
<literal>CAPABILITIES</literal> and
<literal>CAPABILITY_MODE</literal>, have been added to the
<filename>GENERIC</filename> kernel. For more information
about Capsicum, see <ulink
url="http://www.cl.cam.ac.uk/research/security/capsicum/"></ulink>.</para>
<para revision="219559,219561" arch="amd64,i386">The &os;
&man.dtrace.1; framework now supports
<literal>systrace</literal> for system calls of
<literal>linux32</literal> and <literal>freebsd32</literal> on
&os;/&arch.amd64;. Two new kernel modules,
<filename>systrace_linux32</filename> and
<filename>systrace_freebsd32</filename>, provide
support for tracing compat system calls in addition to the native
system call tracing provided by the
<filename>systrace</filename> module.</para>
<para revision="217152,217396" arch="amd64,i386,powerpc">The
&os; ELF image activator now supports the
<literal>PT_GNU_STACK</literal> program header. This is
disabled by default. New &man.sysctl.8; variables
<varname>kern.elf32.nxstack</varname> and
<varname>kern.elf64.nxstack</varname> allow enabling
<literal>PT_GNU_STACK</literal> for the specified ABIs
(e.g. <literal>elf32</literal> for the 32-bit ABI).</para>
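<para>Whether a binary asks for an executable stack can be read
straight from its program headers. The following is an added example,
not code from &os; or from these release notes: a bounds-checked
parser that reports the <literal>PT_GNU_STACK</literal> flags of a
little-endian ELF64 image, run on constructed sample images. All
function and constant names in it are hypothetical.</para>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PT_GNU_STACK_TYPE 0x6474e551u /* p_type of a PT_GNU_STACK header */
#define PF_X_FLAG 0x1u                /* "executable" bit in p_flags */
#define EHDR64_SIZE 64                /* size of an ELF64 file header */
#define PHDR64_SIZE 56                /* size of an ELF64 program header */

enum stack_policy {
    STACK_BAD_IMAGE = -1, /* not a well-formed little-endian ELF64 image */
    STACK_NO_HEADER = 0,  /* no PT_GNU_STACK header present */
    STACK_NONEXEC = 1,    /* header present, PF_X clear */
    STACK_EXEC = 2        /* header present, PF_X set */
};

/* Little-endian accessors, so the parser does not depend on host byte order. */
static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint64_t rd64(const unsigned char *p) { return rd32(p) | ((uint64_t)rd32(p + 4) << 32); }
static void wr16(unsigned char *p, uint16_t v)
{
    p[0] = (unsigned char)(v & 0xff);
    p[1] = (unsigned char)(v >> 8);
}
static void wr32(unsigned char *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }
static void wr64(unsigned char *p, uint64_t v) { wr32(p, (uint32_t)v); wr32(p + 4, (uint32_t)(v >> 32)); }

/* Report what the image's PT_GNU_STACK program header asks for. */
enum stack_policy elf64_stack_policy(const unsigned char *img, size_t len)
{
    if (len < EHDR64_SIZE || memcmp(img, "\177ELF", 4) != 0)
        return STACK_BAD_IMAGE;
    if (img[4] != 2 || img[5] != 1) /* ELFCLASS64, ELFDATA2LSB */
        return STACK_BAD_IMAGE;

    uint64_t phoff = rd64(img + 32);     /* e_phoff */
    uint16_t phentsize = rd16(img + 54); /* e_phentsize */
    uint16_t phnum = rd16(img + 56);     /* e_phnum */
    if (phnum == 0)
        return STACK_NO_HEADER;
    /* Reject tables that are undersized or run past the end of the buffer. */
    if (phentsize < PHDR64_SIZE || phoff > len ||
        (uint64_t)phnum * phentsize > len - phoff)
        return STACK_BAD_IMAGE;

    for (uint16_t i = 0; i < phnum; i++) {
        const unsigned char *ph = img + phoff + (size_t)i * phentsize;
        if (rd32(ph) == PT_GNU_STACK_TYPE) /* p_type at offset 0, p_flags at 4 */
            return (rd32(ph + 4) & PF_X_FLAG) ? STACK_EXEC : STACK_NONEXEC;
    }
    return STACK_NO_HEADER;
}

/* Build a constructed ELF64 image: file header, one PT_LOAD, optional PT_GNU_STACK. */
size_t build_sample(unsigned char *buf, size_t cap, int with_stack_hdr, uint32_t stack_flags)
{
    uint16_t phnum = with_stack_hdr ? 2 : 1;
    size_t len = EHDR64_SIZE + (size_t)phnum * PHDR64_SIZE;
    if (cap < len)
        return 0;
    memset(buf, 0, len);
    memcpy(buf, "\177ELF", 4);
    buf[4] = 2;                  /* ELFCLASS64 */
    buf[5] = 1;                  /* ELFDATA2LSB */
    buf[6] = 1;                  /* EV_CURRENT */
    wr16(buf + 16, 2);           /* e_type = ET_EXEC */
    wr16(buf + 18, 62);          /* e_machine = EM_X86_64 */
    wr32(buf + 20, 1);           /* e_version */
    wr64(buf + 32, EHDR64_SIZE); /* e_phoff: table follows the file header */
    wr16(buf + 52, EHDR64_SIZE); /* e_ehsize */
    wr16(buf + 54, PHDR64_SIZE); /* e_phentsize */
    wr16(buf + 56, phnum);       /* e_phnum */
    wr32(buf + 64, 1);           /* first entry: PT_LOAD */
    wr32(buf + 68, 0x5);         /* PF_R | PF_X */
    if (with_stack_hdr) {
        wr32(buf + 64 + PHDR64_SIZE, PT_GNU_STACK_TYPE);
        wr32(buf + 64 + PHDR64_SIZE + 4, stack_flags);
    }
    return len;
}

int main(void)
{
    static const char *names[] = { "no PT_GNU_STACK header", "non-executable stack",
                                   "executable stack" };
    unsigned char img[256];
    size_t len = build_sample(img, sizeof(img), 1, 0x6); /* PF_R | PF_W */
    printf("rw  : %s\n", names[elf64_stack_policy(img, len)]);
    len = build_sample(img, sizeof(img), 1, 0x7);        /* PF_R | PF_W | PF_X */
    printf("rwx : %s\n", names[elf64_stack_policy(img, len)]);
    len = build_sample(img, sizeof(img), 0, 0);
    printf("none: %s\n", names[elf64_stack_policy(img, len)]);
    return 0;
}
```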
<para revision="216758,216615">The &man.hhook.9; (Helper Hook)
and &man.khelp.9; (Kernel Helpers) KPIs have been implemented.
These are a kind of superset of the &man.pfil.9; framework for
more general use in the kernel. The &man.hhook.9; KPI
provides a way for kernel subsystems to export hook points
that &man.khelp.9; modules can hook to provide enhanced or new
functionality to the kernel. The &man.khelp.9; KPI provides a
framework for managing &man.khelp.9; modules, which indirectly
use the &man.hhook.9; KPI to register their hook functions
with hook points of interest within the kernel. These allow a
structured way to dynamically extend the kernel at runtime in
an ABI-preserving manner.</para>
<para revision="224516" arch="amd64,i386,pc98">A &man.loader.8;
tunable <varname>hw.memtest.tests</varname> has been added.
This controls whether to perform memory testing at boot time
or not. The default value is <literal>1</literal> (perform a
<para revision="220137">A new resource accounting API has been
implemented. It can keep per-process, per-jail, and
per-loginclass resource accounting information. Note that
this is neither built nor installed by default. To build and
install it, specify <literal>options RACCT</literal> in the
kernel configuration file and rebuild the base system as
described in the <ulink
url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html">&os;
Handbook</ulink>.</para>
<para revision="220163">A new resource-limiting API has been
implemented. It works in conjunction with the
<literal>RACCT</literal> resource accounting implementation
and takes user-configurable actions based on the set of rules
it maintains and the current resource usage. The &man.rctl.8;
utility has been added to manage the rules in userland. Note
that this is neither built nor installed by default. To build and
install it, specify <literal>options RCTL</literal> in the
kernel configuration file and rebuild the base system as
described in the <ulink
url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html">&os;
Handbook</ulink>.</para>
<para revision="220031">The &man.sendmsg.2; and &man.recvmsg.2;
system calls in the &os; Linux ABI compatibility have been
<para revision="219999">The &man.open.2; and &man.fhopen.2;
system calls now support the <literal>O_CLOEXEC</literal> flag,
which allows setting the <literal>FD_CLOEXEC</literal> flag for the
newly created file descriptor. This is standardized in IEEE
Std 1003.1-2008 (POSIX, Single UNIX Specification Version
<para revision="220791">The &man.posix.fallocate.2; system call has
been implemented. This is a function in POSIX to ensure that
a part of the storage for regular file data is allocated on the
file system storage media.</para>
<para revision="219304">Two new system calls,
<function>setloginclass(2)</function> and
<function>getloginclass(2)</function>, have been added. This
makes it possible for the kernel to track the login class a
process is assigned to, which is required for the
<literal>RCTL</literal> resource limiting framework.</para>
<para revision="220238" arch="amd64">&os; now supports executing
&os; 1/&arch.i386; a.out binaries on &os;/&arch.amd64;. Note
that this is neither built nor installed by default. To build and
install it, specify <literal>options COMPAT_43</literal> in
the kernel configuration file and rebuild the base system as
described in the <ulink
url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html">&os;
Handbook</ulink>.</para>
<para revision="218485,219028,219029">The following
&man.sysctl.8; variables have been added to show the availability
of various kernel features:</para>
<informaltable frame="none" pgwide="1">
<colspec colwidth="1*">
<colspec colwidth="3*">
<entry>&man.sysctl.8; variable name</entry>
<entry>Description</entry>
<entry><varname>kern.features.ufs_acl</varname></entry>
<entry>ACL (Access Control List) support in UFS</entry>
<entry><varname>kern.features.ufs_gjournal</varname></entry>
<entry>journaling support through &man.gjournal.8; for
<entry><varname>kern.features.ufs_quota</varname></entry>
<entry>UFS disk quotas support</entry>
<entry><varname>kern.features.ufs_quota64</varname></entry>
<entry>64-bit UFS disk quotas support</entry>
<entry><varname>kern.features.softupdates</varname></entry>
<entry>FFS soft-updates support</entry>
<entry><varname>kern.features.ffs_snapshot</varname></entry>
<entry>FFS snapshot support</entry>
<entry><varname>kern.features.nfsclient</varname></entry>
<entry>NFS client (old implementation)</entry>
<entry><varname>kern.features.nfscl</varname></entry>
<entry>NFS client (new implementation)</entry>
<entry><varname>kern.features.nfsserver</varname></entry>
<entry>NFS server (old implementation)</entry>
<entry><varname>kern.features.nfsd</varname></entry>
<entry>NFS server (new implementation)</entry>
<entry><varname>kern.features.kdtrace_hooks</varname></entry>
<entry>Kernel DTrace hooks which are required to load
DTrace kernel modules</entry>
<entry><varname>kern.features.ktr</varname></entry>
<entry>Kernel support for KTR kernel tracing facility</entry>
<entry><varname>kern.features.ktrace</varname></entry>
<entry>Kernel support for system call tracing</entry>
<entry><varname>kern.features.hwpmc_hooks</varname></entry>
<entry>Kernel support for HW PMC</entry>
<entry><varname>kern.features.sysv_msg</varname></entry>
<entry>System V message queues support</entry>
<entry><varname>kern.features.sysv_sem</varname></entry>
<entry>System V semaphores support</entry>
<entry><varname>kern.features.p1003_1b_mqueue</varname></entry>
<entry>POSIX P1003.1B message queues support</entry>
<entry><varname>kern.features.p1003_1b_semaphores</varname></entry>
<entry>POSIX P1003.1B semaphores support</entry>
<entry><varname>kern.features.kposix_priority_scheduling</varname></entry>
<entry>POSIX P1003.1B real-time extensions</entry>
<entry><varname>kern.features.stack</varname></entry>
<entry>Support for capturing the kernel stack</entry>
<entry><varname>kern.features.sysv_shm</varname></entry>
<entry>System V shared memory segments support</entry>
<entry><varname>kern.features.pps_sync</varname></entry>
<entry>Support usage of external PPS signal by kernel PLL</entry>
<entry><varname>kern.features.regression</varname></entry>
<entry>Kernel support for interfaces necessary for
regression testing</entry>
<entry><varname>kern.features.invariant_support</varname></entry>
<entry>Support for modules compiled with the INVARIANTS option</entry>
<entry><varname>kern.features.zero_copy_sockets</varname></entry>
<entry>Zero copy sockets support</entry>
<entry><varname>kern.features.libmchain</varname></entry>
<entry>mchain library</entry>
<entry><varname>kern.features.scbus</varname></entry>
<entry>SCSI devices support</entry>
<entry><varname>kern.features.mac</varname></entry>
<entry>Mandatory Access Control Framework support</entry>
<entry><varname>kern.features.audit</varname></entry>
<entry>BSM audit support</entry>
<entry><varname>kern.features.geom_gate</varname></entry>
<entry>GEOM Gate module</entry>
<entry><varname>kern.features.geom_uzip</varname></entry>
<entry>GEOM uzip read-only compressed disks support</entry>
<entry><varname>kern.features.geom_cache</varname></entry>
<entry>GEOM cache module</entry>
<entry><varname>kern.features.geom_mirror</varname></entry>
<entry>GEOM mirroring support</entry>
<entry><varname>kern.features.geom_stripe</varname></entry>
<entry>GEOM striping support</entry>
<entry><varname>kern.features.geom_concat</varname></entry>
<entry>GEOM concatenation support</entry>
<entry><varname>kern.features.geom_raid3</varname></entry>
<entry>GEOM RAID-3 functionality</entry>
<entry><varname>kern.features.geom_fox</varname></entry>
<entry>GEOM FOX redundant path mitigation support</entry>
<entry><varname>kern.features.geom_multipath</varname></entry>
<entry>GEOM multipath support</entry>
<entry><varname>kern.features.g_virstor</varname></entry>
<entry>GEOM virtual storage support</entry>
<entry><varname>kern.features.geom_bde</varname></entry>
<entry>GEOM-based Disk Encryption</entry>
<entry><varname>kern.features.geom_eli</varname></entry>
<entry>GEOM crypto module</entry>
<entry><varname>kern.features.geom_journal</varname></entry>
<entry>GEOM journaling support</entry>
<entry><varname>kern.features.geom_shsec</varname></entry>
<entry>GEOM shared secret device support</entry>
<entry><varname>kern.features.geom_vol</varname></entry>
<entry>GEOM support for volume names from UFS superblocks</entry>
<entry><varname>kern.features.geom_label</varname></entry>
<entry>GEOM labeling support</entry>
<entry><varname>kern.features.geom_sunlabel</varname></entry>
<entry>GEOM Sun/Solaris partitioning support</entry>
<entry><varname>kern.features.geom_bsd</varname></entry>
<entry>GEOM BSD disklabels support</entry>
<entry><varname>kern.features.geom_pc98</varname></entry>
<entry>GEOM NEC PC9800 partitioning support</entry>
<entry><varname>kern.features.geom_linux_lvm</varname></entry>
<entry>GEOM Linux LVM partitioning support</entry>
<entry><varname>kern.features.geom_part_pc98</varname></entry>
<entry>GEOM partitioning class for PC-9800 disk partitions</entry>
<entry><varname>kern.features.geom_part_vtoc8</varname></entry>
<entry>GEOM partitioning class for SMI VTOC8 disk labels</entry>
<entry><varname>kern.features.geom_part_bsd</varname></entry>
<entry>GEOM partitioning class for BSD disklabels</entry>
<entry><varname>kern.features.geom_part_ebr</varname></entry>
<entry>GEOM partitioning class for extended boot records support</entry>
<entry><varname>kern.features.geom_part_ebr_compat</varname></entry>
<entry>GEOM EBR partitioning class:
backward-compatible partition names</entry>
<entry><varname>kern.features.geom_part_gpt</varname></entry>
<entry>GEOM partitioning class for GPT partitions
<entry><varname>kern.features.geom_part_apm</varname></entry>
<entry>GEOM partitioning class for Apple-style
<entry><varname>kern.features.geom_part_mbr</varname></entry>
<entry>GEOM partitioning class for MBR support</entry>
<title>Boot Loader Changes</title>
<para revision="222417">The default boot loader menu has been
<para revision="219541" arch="ia64">The &man.loader.8; loader
now supports PBVM (Pre-Boot Virtual Memory). This allows
linking the kernel at a fixed virtual address without having to
make any assumptions about the physical memory layout. The
PBVM also allows fine control of the address where the
kernel and its modules are to be loaded.</para>
<title>Hardware Support</title>
<para revision="217044" arch="powerpc">&os;/powerpc now
supports the Sony PlayStation 3 using the OtherOS feature
available on firmware versions 3.15 and earlier.</para>
<para revision="219473,220577">A new &man.loader.8; tunable
<varname>machdep.disable_tsc</varname> has been added.
Setting this to a non-zero value disables use of TSC (Time
Stamp Counter) by turning off boot-time CPU frequency
calibration, DELAY(9) with TSC, and using TSC as a CPU
ticker. Another new &man.loader.8; tunable,
<varname>machdep.disable_tsc_calibration</varname>, allows
skipping only the TSC frequency calibration. This is useful when
one wants to use the nominal frequency of the chip in Intel
processors, for example.</para>
<para revision="223098" arch="amd64,i386">The &os; &man.usb.4;
subsystem now supports USB 3.0 by default.</para>
<para revision="215649">The &os; &man.usb.4; subsystem now
supports a USB packet filter. This allows capturing packets
which go through each USB host controller. The
implementation is largely based on the &man.bpf.4; code.
The userland program &man.usbdump.8; has been added.</para>
<title>Network Interface Support</title>
<para revision="217649">A bug in the &man.alc.4; driver which
could make AR8152-based network interfaces stop working
has been fixed.</para>
<para revision="219647">A bxe(4) driver for Broadcom
NetXtreme II 10GbE controllers (BCM57710, BCM57711,
BCM57711E) has been added.</para>
<para revision="220009">The &man.cxgb.4; driver has been
updated to version 7.11.0.</para>
<para revision="218794">A &man.cxgbe.4; driver for Chelsio
T4 (Terminator 4) based 10Gb/1Gb adapters has been
<para revision="218832" arch="i386">The &man.dc.4; driver
now works correctly in kernels with the
<option>PAE</option> option.</para>
<para revision="219753">The &man.em.4; driver has been
updated to version 7.3.2.</para>
<para revision="223350">The &man.igb.4; driver has been
updated to version 2.2.5.</para>
<para revision="218530">The &man.igb.4; driver now supports
Intel I350 PCIe Gigabit Ethernet controllers.</para>
<para revision="217593">The &man.ixgbe.4; driver has been
updated to version 2.3.8.</para>
<para revision="220892">Firmware images in the &man.iwn.4;
driver for 1000, 5000, 6000, and 6500 series cards have been
<para revision="216860">A bug in the &man.msk.4; driver has been
fixed. It could prevent RX checksum offloading from
<para revision="217794">A bug in the &man.nfe.4; driver which
could prevent reinitialization after changing the MTU has
<para revision="217511">A bug in the &man.ral.4; and &man.run.4;
drivers which could prevent <literal>hostap</literal> mode
from working has been fixed.</para>
<para revision="216828">A rdcphy(4) driver for RDC Semiconductor
R6040 10/100 PHY has been added.</para>
<para revision="217498,218760">The &man.re.4; driver now supports
RTL8168E/8111E-VL PCIe Gigabit Ethernet controllers and
RTL8401E PCIe Fast Ethernet controllers.</para>
<para revision="217766">The &man.re.4; driver now supports
TX interrupt moderation on RTL810xE PCIe Fast Ethernet
<para revision="217902">The &man.re.4; driver now supports
another mechanism for RX interrupt moderation because of
performance problems. A &man.sysctl.8; variable
<varname>dev.re.<replaceable>N</replaceable>.int_rx_mod</varname>
has been added to control the amount of time to delay RX
interrupt processing, in microseconds. Setting it
to <literal>0</literal> completely disables RX interrupt
moderation. A &man.loader.8; tunable
<varname>hw.re.intr_filter</varname> controls whether the
old mechanism utilizing MSI/MSI-X capability on
supported controllers is used or not. When set to
a non-zero value, the &man.re.4; driver uses the old
mechanism. The default value is <literal>0</literal> and
this tunable has no effect on controllers without MSI/MSI-X
<para revision="217246,217832">The &man.re.4; driver now
supports TSO (TCP Segmentation Offload) on RealTek
RTL8168/8111 C or later controllers. Note that this is
disabled by default because broken frames can be sent
under certain conditions.</para>
<para revision="217381,218289">The &man.re.4; driver now
supports enabling TX and/or RX checksum offloading
independently from each other. Note that TX IP checksum
is disabled on some RTL8168C-based network interfaces
because it can generate an incorrect IP checksum when the
packet contains IP options.</para>
<para revision="217296">A bug in the &man.re.4; driver has
been fixed. It could cause a panic when receiving a jumbo
frame on an RTL8169C, 8169D, or 8169E controller-based
network interface.</para>
<para revision="217911">The &man.re.4; driver now supports
RTL8105E PCIe Fast Ethernet controllers.</para>
<para revision="217910">The rlphy(4) driver now supports the
Realtek RTL8201E 10/100 PHY found in RTL8105E
<para revision="217548">A bug in the &man.sis.4; driver has
been fixed. It could prevent a proper reinitialization
on DP83815, DP83816, and SiS 900/7016 controllers when the
configuration of multicast packet handling and/or
promiscuous mode is changed.</para>
<para revision="216650">A bug in the &man.vlan.4; pseudo interface
has been fixed. It could have a random interface
identifier in an automatically configured IPv6 link-local
address, instead of one generated with the parent
interface's IEEE 802 48-bit MAC address and an algorithm
described in RFC 4291.</para>
<para revision="216829">A &man.vte.4; driver for RDC R6040 Fast
Ethernet controllers, which are commonly found on the Vortex86
System On a Chip, has been added.</para>
<para revision="221167">A &man.vxge.4; driver for the Neterion
X3100 10GbE Server/Storage adapter has been added.</para>
<para revision="216824">A bug in the &man.wpi.4; driver has been
fixed. It could display the following error messages and
result in the device being unusable:</para>
<screen>wpi0: could not map mbuf (error 12)
wpi0: wpi_rx_intr: bus_dmamap_load failed, error 12</screen>
<sect3 id="net-proto">
<title>Network Protocols</title>
<para revision="225044">&man.ipfw.8; now supports IPv6 in
the <command>fwd</command> action.</para>
<para revision="223666">&man.ipfw.8; now supports the
<command>call</command> and <command>return</command>
actions. Upon the <command>call
<replaceable>number</replaceable></command> action, the
current rule number is saved in the internal stack and
ruleset processing continues with the first rule numbered
<replaceable>number</replaceable> or higher. The
<command>return</command> action takes the rule number saved
to the internal stack by the latest <command>call</command>
action and returns ruleset processing to the first rule with
a number greater than the saved number.</para>
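<para>A small model of the <command>call</command> and
<command>return</command> traversal described above, as an added
example that is not &man.ipfw.8; code: it walks a constructed ruleset
for a packet assumed to match every rule and records the order in
which rules are visited. The 16-entry stack, the fall-through to the
next rule when the stack is empty or full, and all names and rule
numbers are assumptions of the model.</para>

```c
#include <stddef.h>
#include <stdio.h>

enum action { ACT_COUNT, ACT_CALL, ACT_RETURN, ACT_ALLOW, ACT_DENY };

struct rule {
    int number;      /* rule number; the array is kept sorted by it */
    enum action act;
    int arg;         /* target rule number for ACT_CALL, unused otherwise */
};

#define CALL_STACK_DEPTH 16 /* assumed stack depth for this model */
#define MAX_STEPS 1024      /* stop runaway walks caused by a looping ruleset */
#define NO_VERDICT (-1)     /* walked off the end; the model has no default rule */

/* Index of the first rule whose number is >= number, or nrules if none. */
static size_t first_at_or_after(const struct rule *rules, size_t nrules, int number)
{
    size_t i = 0;
    while (i < nrules && rules[i].number < number)
        i++;
    return i;
}

/*
 * Walk the ruleset for one packet that matches every rule. Visited rule
 * numbers are written to trace; the return value is ACT_ALLOW, ACT_DENY
 * or NO_VERDICT.
 */
int walk_ruleset(const struct rule *rules, size_t nrules,
                 int *trace, size_t trace_cap, size_t *trace_len)
{
    int stack[CALL_STACK_DEPTH];
    size_t sp = 0, i = 0, steps = 0;

    *trace_len = 0;
    while (i < nrules && steps++ < MAX_STEPS) {
        const struct rule *r = &rules[i];
        if (*trace_len < trace_cap)
            trace[(*trace_len)++] = r->number;
        switch (r->act) {
        case ACT_ALLOW:
        case ACT_DENY:
            return r->act;
        case ACT_CALL:
            if (sp < CALL_STACK_DEPTH) {
                stack[sp++] = r->number; /* save the calling rule's number */
                i = first_at_or_after(rules, nrules, r->arg);
            } else {
                i++; /* assumption: a full stack degrades to "next rule" */
            }
            break;
        case ACT_RETURN:
            if (sp > 0) /* resume at the first rule numbered above the caller */
                i = first_at_or_after(rules, nrules, stack[--sp] + 1);
            else
                i++; /* assumption: return with an empty stack is a no-op */
            break;
        default:
            i++;
            break;
        }
    }
    return NO_VERDICT;
}

/* Constructed ruleset: a subroutine at 1000 that itself calls one at 2000. */
static const struct rule nested_rules[] = {
    { 100, ACT_COUNT, 0 },  { 200, ACT_CALL, 1000 },  { 300, ACT_ALLOW, 0 },
    { 1000, ACT_COUNT, 0 }, { 1005, ACT_CALL, 2000 }, { 1010, ACT_RETURN, 0 },
    { 2000, ACT_COUNT, 0 }, { 2010, ACT_RETURN, 0 },
};
/* Constructed ruleset: no rule 1500 exists, so the call lands on 2000. */
static const struct rule gap_rules[] = {
    { 100, ACT_CALL, 1500 }, { 200, ACT_DENY, 0 }, { 2000, ACT_RETURN, 0 },
};
/* Constructed mistake: rule 200 calls backwards and nothing ever returns. */
static const struct rule loop_rules[] = {
    { 100, ACT_COUNT, 0 }, { 200, ACT_CALL, 100 },
};

int main(void)
{
    int trace[64];
    size_t n;
    int verdict = walk_ruleset(nested_rules, 8, trace, 64, &n);

    for (size_t k = 0; k < n; k++)
        printf("%d ", trace[k]);
    printf("-> %s\n", verdict == ACT_ALLOW ? "allow" : "other");
    return 0;
}
```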
<para revision="218794">&os;'s &man.ipsec.4; support now uses
half of the hash size as the authenticator hash size in
Hashed Message Authentication Mode (HMAC-SHA-256,
HMAC-SHA-384, and HMAC-SHA-512) as described in RFC 4868.
This was a fixed 96-bit length in prior releases because the
implementation was based on an old Internet draft,
draft-ietf-ipsec-ciph-sha-256-00. Note that this means
&release.current; and later are no longer interoperable with
the older &os; releases.</para>
<para revision="219820">For Infiniband support, OFED
(OpenFabrics Enterprise Distribution) version 1.5.3 has been
imported into the base system. Note that this is neither built
nor installed by default. To build and install it,
specify <literal>WITH_OFED=yes</literal> in
<filename>/etc/src.conf</filename> and rebuild the base
system as described in the <ulink
url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html">&os;
Handbook</ulink>.</para>
<para revision="226572">The &os; TCP/IP network stack now supports
IPv4 prefixes with /31 as described in RFC 3021,
<quote>Using 31-Bit Prefixes on IPv4 Point-to-Point
Links</quote>.</para>
<para revision="217169">A bug in the &os; TCP/IP network stack has
been fixed. Source address selection could not be
performed when multicast options were present but without an
interface being specified.</para>
<para revision="225682">A bug in the
<literal>IPV6_PKTINFO</literal> option used in
&man.sendmsg.2; has been fixed. The
<literal>IPV6_USE_MIN_MTU</literal> state set by
&man.setsockopt.2; was ignored.</para>
<para revision="216109,216114,216115,218152,218153,218155">
The &os; TCP/IP network stack now supports the &man.mod.cc.9; pluggable
congestion control framework. This allows TCP congestion
control algorithms to be implemented as dynamically loadable
kernel modules. The following kernel modules are available
as of &release.current;: &man.cc.chd.4; for the
CAIA-Hamilton-Delay algorithm, &man.cc.cubic.4; for the CUBIC
algorithm, &man.cc.hd.4; for the Hamilton-Delay algorithm,
&man.cc.htcp.4; for the H-TCP algorithm, &man.cc.newreno.4; for
the NewReno algorithm, and &man.cc.vegas.4; for the Vegas algorithm.
The default algorithm can be set by a new &man.sysctl.8;
variable <varname>net.inet.tcp.cc.algorithm</varname>. The
value must be set to one of the names listed by
<varname>net.inet.tcp.cc.available</varname>, and
<literal>newreno</literal> is the default set at boot time.
detail, see the &man.mod.cc.4; and &man.mod.cc.9; manual pages.</para>
<para revision="217806">An &man.h.ertt.4; (Enhanced Round Trip
Time) &man.khelp.9; module has been added. This module
allows per-connection, low noise estimates of the
instantaneous RTT in the TCP/IP network stack with a robust
implementation even in the face of delayed acknowledgments
and/or TSO (TCP Segmentation Offload) being in use for a
<para revision="218912">A new &man.tcp.4; socket option
<literal>TCP_CONGESTION</literal> has been added. This
allows selecting or querying the congestion control algorithm
that the TCP/IP network stack will use for connections on
<para revision="225586">The &man.ng.ipfw.4; &man.netgraph.4;
node now supports IPv6.</para>
<para revision="219127">The &man.ng.one2many.4;
&man.netgraph.4; node now supports the
<literal>XMIT_FAILOVER</literal> transmit algorithm. This
delivers packets out of the first active
<literal>many</literal> hook.</para>
<para revision="219183">The &man.ng.netflow.4;
&man.netgraph.4; node now supports NetFlow version 9. A new
<literal>export9</literal> hook has been added for NetFlow
v9 data. Note that data export can be done
simultaneously in both version 5 and version 9.</para>
<para revision="239615">The IEEE 802.11s element identifiers have
been updated to reflect the final version of the amendment. This
update breaks compatibility with older mesh setups but is necessary
because the previous IDs are used by another amendment, leading to
unexpected results when trying to associate with an access point
using the affected IDs.</para>
<title>Disks and Storage</title>
<para revision="220412">The &man.ada.4; driver now supports
write cache control. A new &man.sysctl.8; variable
<varname>kern.cam.ada.write_cache</varname> determines
whether the write cache of &man.ada.4; devices is enabled or
not. Setting it to <literal>1</literal> enables and
<literal>0</literal> disables the write cache, and <literal>-1</literal>
leaves the device default behavior. &man.sysctl.8; variables
<varname>kern.cam.ada.<replaceable>N</replaceable>.write_cache</varname>
can override the configuration on a per-device basis (the
default value is <literal>-1</literal>, which means to use
the global setting). Note that the value can be changed at
runtime, but it takes effect only after a device
<para revision="224905">The &man.arcmsr.4; driver has been
updated to version 1.20.00.22.</para>
<para revision="226067">The &man.cam.4; subsystem now supports the
descriptor format sense data of the SPC-3 (SCSI Primary Commands
3) specification.</para>
<para revision="220559">The &man.geom.map.4; GEOM class has
been added. This allows generating multiple GEOM providers
based on a hard-coded layout of a device with no explicit
partition table such as embedded flash storage. For more
information, see the &man.geom.map.4; manual page.</para>
<para revision="218014">The &man.gpart.8; GEOM class now
supports the following aliases for the MBR and EBR schemes:
<literal>fat32</literal>, <literal>ebr</literal>,
<literal>linux-data</literal>,
<literal>linux-raid</literal>, and
<literal>linux-swap</literal>.</para>
<para revision="218014">The &man.gpart.8; GEOM class now
supports the <literal>bios-boot</literal> GUID for the GPT
scheme, which is used by the GRUB 2 loader.</para>
<para revision="219974">The &man.graid.8; GEOM class has been
added. This is a replacement for the &man.ataraid.4; driver
supporting various BIOS-based software RAID.</para>
<para revision="219056">The &man.sysctl.8; variable
<varname>kern.geom.confxml</varname> now contains
information about disk identification in an
<sgmltag>ident</sgmltag> tag and disk model strings in a
<sgmltag>descr</sgmltag> tag.</para>
<para revision="216793">The &man.md.4; memory-backed pseudo disk
device driver now supports a &man.sysctl.8; variable
<varname>vm.md_malloc_wait</varname> to specify whether a
malloc-backed disk will use <varname>M_WAITOK</varname> or
<varname>M_NOWAIT</varname> for &man.malloc.9; calls. The
<varname>M_WAITOK</varname> setting can prevent memory allocation
failure under high load. If it is set to
<literal>0</literal>, a malloc-backed disk uses
<varname>M_NOWAIT</varname> for memory allocation. The
default value is <literal>0</literal>.</para>
<para revision="216941,217509">A bug in the &man.mmc.4; driver
that could cause device detection to fail has been fixed.</para>
<para revision="223958">The &man.mxge.4; driver has been
<para revision="226115">A &man.tws.4; driver for 3ware 9750
SATA+SAS 6Gb/s RAID controllers has been added.</para>
957 <title>File Systems</title>
<para revision="207141,218726">The &os; Fast File System now supports
softupdates journaling. It introduces an intent log into a
softupdates-enabled file system, which eliminates the need
for background &man.fsck.8; even after an unclean shutdown. This
can be enabled on a per-filesystem basis by using the
<option>-j</option> flag of the &man.newfs.8; utility or the
<option>-j enable</option> option of the &man.tunefs.8;
utility. Note that the &release.current; installer
automatically enables softupdates journaling for
newly-created UFS file systems.</para>
<para revision="216796">The &os; Fast File System now
supports the <literal>TRIM</literal> command when freeing data
blocks. A new flag <option>-t</option> in the &man.newfs.8;
and &man.tunefs.8; utilities sets the TRIM-enable flag for a
file system. The TRIM-enable flag makes the file system
send a delete request to the underlying device for each
freed block. The <literal>TRIM</literal> command is
specified as a Data Set Management Command in the ATA8-ACS2
standard to carry the information related to deleted data
blocks to a device, especially for an SSD (Solid-State Drive) for
<para revision="221233">A new flag <option>-E</option> has
been added to the &man.newfs.8; and &man.fsck.ffs.8; utilities.
This clears unallocated blocks, notifying the underlying
device that they are not used and that their contents may be
discarded. This is useful in &man.fsck.ffs.8; for file
systems which have been mounted on systems without
<literal>TRIM</literal> support, or with
<literal>TRIM</literal> support disabled, as well as
file systems which have been copied from one device to
<para revision="221124">The &os; NFS subsystem has been
updated. The new implementation supports NFS version 4 in
addition to 2 and 3. The kernel options for the NFS server
and client have been changed from <literal>NFSSERVER</literal> and
<literal>NFSCLIENT</literal> to <literal>NFSD</literal> and
<literal>NFSCL</literal>. &man.sysctl.8; variables which
start with <varname>vfs.nfssrv.</varname> have been renamed
to <varname>vfs.nfsd.</varname>. The NFS server now
supports <varname>vfs.nfsd.server_max_nfsvers</varname> and
<varname>vfs.nfsd.server_min_nfsvers</varname>
&man.sysctl.8; variables to specify the maximum and the
minimum NFS version number which the server accepts. The
default values are <literal>3</literal> and
<literal>2</literal>, respectively.</para>
1008 <para>To enable NFSv4, the following variables are needed on
1009 the server side in &man.rc.conf.5;:</para>
<programlisting>nfs_server_enable="YES"
nfsv4_server_enable="YES"
nfsuserd_enable="YES"</programlisting>
1015 <para>and the following line is needed in
1016 <filename>/etc/exports</filename>:</para>
1018 <programlisting>V4: /</programlisting>
1020 <para>For more information about NFSv4 and its configuration,
1021 see the &man.nfsv4.4; and &man.exports.5; manual pages.</para>
<para revision="221436">The &os; NFS subsystem now supports a
<option>nocto</option> mount option. This disables the
close-to-open cache coherency check at open time. This
option may improve performance for read-only mounts, but
should be used only if the data on the server changes
rarely. The &man.mount.nfs.8; utility now also supports
this keyword.</para>
<para revision="225537">A &man.loader.8; tunable
<varname>vfs.typenumhash</varname> has been added and set to
<literal>1</literal> by default. This enables the use of a hash
calculation on the file system identification number used internally
in the kernel. This fixes the <quote>Stale NFS file
handle</quote> error on NFS clients when upgrading or
rebuilding the kernel on the NFS server, which was due to unexpected
changes of these identification number values.</para>
1040 <para revision="219089">The &os; ZFS subsystem has been
1041 updated to the SPA (Storage Pool Allocator, also known as
1042 zpool) version 28. It now supports data deduplication,
1043 triple parity RAIDZ (raidz3), snapshot holds, log device
1044 removal, zfs diff, zpool split, zpool import
1045 <option>-F</option>, and read-only zpool import.</para>
1049 <sect2 id="userland">
1050 <title>Userland Changes</title>
1052 <para revision="219359,219571">Complex exponential functions
1053 &man.cexp.3; and &man.cexpf.3;, and cube root function
1054 &man.cbrtl.3; have been added to
1055 <application>libm</application>.</para>
1057 <para revision="224152,224153,224154">The &man.bsdtar.1; and
1058 &man.cpio.1; utilities are now based on
1059 <application>libarchive</application> version 2.8.4.</para>
1061 <para revision="217416">The &man.cpuset.1; utility now supports
1062 a <option>-C</option> flag to create a new cpuset and assign
1063 an existing process into that set, and an
1064 <literal>all</literal> keyword in the <option>-l
1065 <replaceable>cpu-list</replaceable></option> option to specify
1066 all CPUs in the system.</para>
1068 <para revision="219739">The &man.dhclient.8; utility now uses
1069 &man.resolvconf.8; to manage the &man.resolv.conf.5; file by
1070 default. A <varname>resolvconf_enable</varname> variable in
1071 <filename>/etc/dhclient-enter-hooks</filename> controls the
1074 <para revision="217505">A bug in the &man.fetch.1; utility which
1075 could prevent the <command>STAT</command> FTP command from working
1076 properly has been fixed.</para>
1078 <para revision="219415">The &man.gpart.8; utility now supports a
1079 <option>-p</option> flag to the <command>show</command>
1080 subcommand. This allows showing providers' names of
1081 partitions instead of the partitions' indexes.</para>
1083 <para revision="218049">The &man.hastd.8; utility now drops
1084 <literal>root</literal> privileges of the worker processes to the
1085 <literal>hast</literal> user.</para>
1087 <para revision="219351">The &man.hastd.8; utility now supports a
1088 <literal>checksum</literal> keyword to specify the checksum
1089 algorithm in a <literal>resource</literal> section. As of
1090 &release.current;, <literal>none</literal>,
1091 <literal>sha256</literal>, and <literal>crc32</literal> are
1094 <para revision="219354">The &man.hastd.8; utility now supports a
1095 <literal>compression</literal> keyword to specify the compression
1096 algorithm in a <literal>resource</literal> section. As of
1097 &release.current;, <literal>none</literal>,
1098 <literal>hole</literal> and <literal>lzf</literal> are
<para revision="219818">The &man.hastd.8; utility now supports a
<literal>source</literal> keyword to specify the local address
to bind to before connecting the remote &man.hastd.8;
<para revision="219019">An implementation of the
<function>iconv()</function> API libraries and utilities which
are standardized in the Single UNIX Specification has been
imported. These are based on NetBSD's Citrus implementation.
Note that these are neither built nor installed by default. To
build and install them, specify
<literal>WITH_ICONV=yes</literal> in
<filename>/etc/src.conf</filename> and rebuild the base system
as described in the <ulink
url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html">&os;
Handbook</ulink>.</para>
1118 <para revision="217013">The &man.ifconfig.8; utility now
1119 supports <literal>fdx</literal>, <literal>flow</literal>,
1120 <literal>hdx</literal>, and <literal>loop</literal> keywords
1121 as aliases of <literal>full-duplex</literal>,
1122 <literal>flowcontrol</literal>,
1123 <literal>half-duplex</literal>,
1124 and <literal>loopback</literal>, respectively.</para>
<para revision="220370">A &man.readline.3; API set has been
imported into <application>libedit</application>. This is
based on NetBSD's implementation, and BSD-licensed utilities
now use it instead of GNU
<application>libreadline</application>.</para>
1132 <para revision="224762">The &man.makefs.8; utility now supports the
1133 ISO 9660 format.</para>
1135 <para revision="220496,220497"><application>libmd</application>
1136 and <application>libcrypt</application> now support the SHA-256
1137 and SHA-512 algorithms.</para>
<para revision="217642">The &man.netstat.1; utility no longer
exposes the internal scope address representation used in the &os;
kernel, which is derived from the KAME IPv6 stack, in the results
of <command>netstat -ani</command> and <command>netstat
-nr</command>.</para>
1145 <para revision="218127">The &man.newsyslog.8; utility now
1146 supports &man.xz.1; compression. An <literal>X</literal> flag
1147 in the optional field has been added to specify the
<para revision="219563">The &man.pam.group.8; module now
supports <option>ruser</option> and <option>luser</option>
options. The <option>ruser</option> option makes it accept or reject
based on the supplicant's group membership, and this is the
default behavior. The <option>luser</option> option checks the
target user's group membership instead of the supplicant's.
If neither option is specified, &man.pam.group.8;
assumes <option>ruser</option> and issues a warning.</para>
1159 <para revision="216823">A &man.poweroff.8; utility has been added.
1160 This is equivalent to:</para>
1162 <screen>&prompt.root; shutdown -p now</screen>
1164 <para revision="218397">The &man.ppp.8; utility now supports
1165 <command>iface name <replaceable>name</replaceable></command>
1166 and <command>iface description
1167 <replaceable>description</replaceable></command> commands.
1168 These have the same functionalities as the <literal>name</literal>
1169 and <literal>description</literal> subcommands of the
1170 &man.ifconfig.8; utility.</para>
<para revision="219307,219713">The &man.ps.1; utility now
supports an <option>-o class</option> option to display the login
class information of each process, and <option>-o
usertime</option> and <option>-o systime</option> options for
accumulated user and system CPU time, respectively.</para>
1178 <para revision="222732">The &man.rtadvd.8; daemon now supports a
1179 <literal>noifprefix</literal> keyword to disable gathering
1180 on-link prefixes from interfaces when no
1181 <literal>addr</literal> keyword is specified. An entry in
1182 <filename>/etc/rtadvd.conf</filename> with
1183 <literal>noifprefix</literal> and no <literal>addr</literal>
1184 generates an RA message with no prefix information
1187 <para revision="222732,224006">The &man.rtsold.8; and
1188 &man.rtadvd.8; daemons now support the RDNSS and DNSSL options
1189 described in RFC 6106, <quote>IPv6 Router Advertisement
1190 Options for DNS Configuration</quote>. A &man.rtadvctl.8;
1191 utility to control the &man.rtadvd.8; daemon has been
<para revision="216695">The &man.rtld.1; runtime linker now supports
shared objects as filters in ELF shared libraries. Both
standard and auxiliary filtering are supported. The
&man.rtld.1; linker's processing of a filter defers loading a
filtee until a filter symbol is referenced, unless the
<varname>LD_LOADFLTR</varname> environment variable is defined
or a <literal>-z loadfltr</literal> option was specified when
the filter was created.</para>
1203 <para revision="217133">A race condition in the &man.sed.1;
1204 utility has been fixed. When an <option>-i</option> option is
1205 specified, there could be a short time window with no file
1206 with the original file name.</para>
1208 <para revision="216629">The &man.sh.1; program now supports
1209 <command>kill</command> as a built-in command. This allows
1210 specifying <literal>%<replaceable>job</replaceable></literal>
1211 which is equivalent to the corresponding process group. Note
1212 that this built-in command returns the exit status
1213 <literal>2</literal> instead of <literal>1</literal> if a
1214 fatal error occurs as other built-in commands do.</para>
1216 <para revision="217176,217472">A bug in the &man.sh.1; program has been
1217 fixed for POSIX conformance. It could return an incorrect exit
1218 status when an <command>exit</command> command with no
1219 parameter is specified in the <literal>EXIT trap</literal>
1220 handler, which is triggered when the shell terminates.
1221 In trap actions for other signals, an <command>exit</command>
1222 command with no parameter returns an exit status corresponding
1223 to the received signal.</para>
1225 <para revision="217557">A bug in the &man.sh.1; program has been
1226 fixed. When a foreground job exits on a signal, a message is
1227 printed to <filename>stdout</filename> about this. The buffer
1228 was not flushed after printing which could result in the message
1229 being written to the wrong file if the next command was a
1230 built-in and had <filename>stdout</filename> redirected.</para>
1232 <para revision="217461">The &man.sh.1; program now supports a
1233 <option>--</option> flag in <command>trap</command> command to
1234 stop the option processing.</para>
1236 <para revision="217206">The <literal>%builtin</literal> keyword
1237 support in the <varname>$PATH</varname> variable has been removed
1238 from the &man.sh.1; program. All built-in commands are always
1239 found before looking up directories in
1240 <varname>$PATH</varname>.</para>
<para revision="218466">Arithmetic expression handling code in
the &man.sh.1; program has been updated by importing code from
<application>dash</application>. It now supports the conditional
operator (<literal>?:</literal>) and a bug in evaluation of
<literal>&amp;&amp;</literal> and <literal>||</literal> around an arithmetic expression has been
1249 <para revision="224536">A bug in the &man.tftpd.8; daemon has
1250 been fixed. It had an interoperability issue when
1251 transferring a large file.</para>
1253 <para revision="202188">The &man.utmp.5; user accounting
1254 database has been replaced by &man.utmpx.3;. User accounting
1255 utilities will now use <filename>utmpx</filename> database
1256 files exclusively. The &man.wtmpcvt.1; utility can be used to
1257 convert <filename>wtmp</filename> files to the new format,
1258 making it possible to read them using the updated
1261 <para revision="218847">A &man.utxrm.8; utility has been added.
1262 This allows one to remove an entry from the
1263 <filename>utmpx</filename> database by hand. This is useful
1264 when a login daemon crashes or fails to remove the entry
1265 during shutdown.</para>
<para revision="224171">The &man.zpool.8; utility now supports a
<command>zpool labelclear</command> command. This allows
wiping the label data from a drive that is not active in a
1273 <sect2 id="contrib">
1274 <title>Contributed Software</title>
1276 <para revision="222544"><literal>ACPI CA</literal> has been
1277 updated to version 20110527.</para>
1279 <para revision="224731">The <application>awk</application> has
1280 been updated to the 7 August 2011 release.</para>
1282 <para revision="228189"><application>ISC BIND</application> has
1283 been updated to version 9.8.1-P1.</para>
1285 <para revision="218822"><application>GNU binutils</application>
1286 has been updated to 2.17.50 (as of 3 July 2007), which is the
1287 last available version under GPLv2.</para>
1289 <para revision="222656">The
1290 <application>compiler-rt</application> library, which provides
1291 low-level target-specific interfaces such as functions in
1292 <application>libgcc</application>, has been imported.</para>
1294 <para revision="224014"><literal>dialog</literal> has been
1295 updated to version 1.1-20110707.</para>
1297 <para revision="221793">The <literal>netcat</literal> utility
1298 has been updated to version 4.9.</para>
1300 <para revision="223328">The <application>tnftp</application> (formerly
1301 known as <application>lukemftp</application>) has been updated
1302 to tnftp-20100108.</para>
1304 <para revision="220150"><application>GNU GCC</application> and
1305 <application>libstdc++</application> have been updated to rev
1306 127959 of <literal>gcc-4_2-branch</literal> (the last
1307 GPLv2-licensed version).</para>
<para revision="219557"><application>gdtoa</application>, a set
of binary from/to decimal number conversion routines used in
&os;'s <application>libc</application> library, has been updated
to a snapshot as of 4 March, 2011.</para>
1314 <para revision="222906">The <application>LESS</application>
1315 program has been updated to version v444.</para>
1317 <para revision="208954">The <application>LLVM</application>
1318 compiler infrastructure and
1319 <application>clang</application>, a C language family
1320 front-end, version 3.0 have been imported. Note that it is not
1321 used for building the &os; base system by default. In the &os; build
1322 infrastructure, the &man.clang.1;, &man.clang...1;, and
1323 &man.clang-cpp.1; utilities can be used in
1324 <varname>CC</varname>, <varname>CXX</varname>, and
1325 <varname>CPP</varname> &man.make.1; variables,
1326 respectively.</para>
1328 <para revision="219734"><application>Openresolv</application>
1329 version 3.4.4 has been imported. The &man.resolvconf.8;
1330 utility now manages the &man.resolv.conf.5; file.</para>
1332 <para revision="221484,224638">The
1333 <application>OpenSSH</application> utility has been updated to
1334 5.8p2, and optimization for large bandwidth-delay product
1335 connection and <literal>none</literal> cipher support have
1338 <para revision="223637">The <application>pf</application> packet
1339 filter has been updated to version 4.5.</para>
1341 <para revision="223067"><application>sendmail</application>
1342 has been updated to version 8.14.5.</para>
1344 <para revision="226750">The <application>timezone</application>
1345 database has been updated to the
1346 <application>tzdata2011m</application> release.</para>
1348 <para revision="217698">The &man.unifdef.1; utility has been updated
1349 to version 2.5.6.</para>
1351 <para revision="223935">The <application>xz</application>
1352 program has been updated from 5.0.0 to a snapshot as of 11
1357 <title>Release Engineering and Integration</title>
1359 <para revision="218799">A new installer &man.bsdinstall.8; has
1360 been added and integrated into installation ISO images. The
1361 &man.sysinstall.8; utility is also available for configuration
1362 after the installation.</para>
1364 <para>The supported version of
1365 the <application>KDE</application> desktop environment
1366 (<filename role="package">x11/kde4</filename>) has been
1367 updated from 4.5.5 to 4.7.3.</para>
1371 <sect1 id="upgrade">
1372 <title>Upgrading from previous releases of &os;</title>
1375 <title>Upgrading using freebsd-update(8) or a source-based
<para arch="amd64,i386">Beginning with &os; 6.2-RELEASE,
binary upgrades between RELEASE versions (and snapshots of the
various security branches) are supported using the
&man.freebsd-update.8; utility. The binary upgrade procedure will
update unmodified userland utilities, as well as an unmodified GENERIC kernel
distributed as a part of an official &os; release.
The &man.freebsd-update.8; utility requires that the host being
upgraded have Internet connectivity.</para>
1387 <para>Source-based upgrades (those based on recompiling the &os;
1388 base system from source code) from previous versions are
1389 supported, according to the instructions in
1390 <filename>/usr/src/UPDATING</filename>.</para>
1392 <para>For more specific information about upgrading
1393 instructions, see <ulink
1394 url="http://www.FreeBSD.org/releases/9.0R/installation.html"></ulink>.</para>
1397 <para>Upgrading &os; should, of course, only be attempted after
1398 backing up <emphasis>all</emphasis> data and configuration
1404 <title id="upgrade-pitfalls">User-visible incompatibilities</title>
<para>This section describes notable incompatibilities which you
might want to know about before upgrading your system.
<emphasis>Please read this section and the <ulink
url="http://www.FreeBSD.org/releases/9.0R/errata.html">Errata
document</ulink> carefully before submitting a problem report
and/or posting a question to the FreeBSD mailing
lists.</emphasis></para>
1415 <title>Update of <literal>dialog</literal></title>
1417 <para>The <literal>dialog</literal> library is used in &os;'s
1418 new installer and the &os; Ports Collection to display a dialog
1419 window and allow users to select various options. Note that
1420 it is updated in &release.current; and there are several
1421 differences in key operations which might confuse users
1422 who are familiar with releases prior to &release.current;.
1423 For example, pushing the enter key in a checklist window will
1424 no longer check an item. The new version
1425 consistently uses space bar for selecting an item and the
1426 enter key for OK/Cancel selection.</para>
1430 <title>Partition Metadata Integrity Check</title>
<para>&os; now checks the integrity of partition metadata when
a partition table is found on a disk through the GEOM
<application>PART</application> subsystem. This detection
is automatically performed when a disk device is ready.
The GEOM <application>PART</application> class in the kernel
verifies all generic partition parameters obtained from the
disk metadata, and if some inconsistency is detected, the
partition table will be rejected with the following
diagnostic message:</para>
1442 <screen>GEOM_PART: Integrity check failed</screen>
1444 <para>This integrity check is enabled by default. On a system
1445 prior to &release.current;, the inconsistencies were
1446 silently ignored. Therefore, there is a possibility that this
1447 prevents a system from booting after upgrading it to
1448 &release.current;. More specifically, the kernel cannot
1449 mount the system partition at boot time in some
1452 <para>If this happens, a &man.loader.8; tunable
1453 <varname>kern.geom.part.check_integrity</varname> can be
1454 used as a workaround. Enter the following lines in the
1455 &man.loader.8; prompt at boot time:</para>
<screen><userinput>set kern.geom.part.check_integrity="0"</userinput>
<userinput>boot</userinput></screen>
1460 <para>These commands temporarily disable the integrity check.
1461 If it was the cause of the boot failure, the &os; kernel should detect the
1462 partitions as the prior release
1463 did, after entering the commands. This configuration can be added into
1464 <filename>/boot/loader.conf</filename> as follows:</para>
1466 <programlisting>kern.geom.part.check_integrity="0"</programlisting>
<para>To check for inconsistent metadata after booting,
use the &man.gpart.8; utility on the system. A
corrupted entry will be displayed like the following:</para>
<screen>&prompt.user; gpart show
=>        63  1953525104  mirror/gm0  MBR  (931G) [CORRUPT]
          63  1953525105           1  freebsd  [active]  (931G)</screen>
1476 <para>For more information, see the &man.gpart.8; manual page.</para>
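<para>The check described in this section can be scripted, for example to confirm after an upgrade that no table is marked corrupt and that the boot-time workaround was not left in place permanently. The following is an added example, not code from the &os; release notes or the &os; source: the function names and the second, healthy geom in the sample are constructed for illustration, while the <literal>[CORRUPT]</literal> marker and the tunable name come from the text above.</para>

```shell
#!/bin/sh
# Added example (not FreeBSD project code). Function names are hypothetical.

# corrupt_geoms: read `gpart show` output on stdin and print the name of
# each geom whose header line carries the [CORRUPT] marker.
# Header layout: "=>" start size name scheme (size) [flags]
corrupt_geoms() {
    awk '$1 == "=>" && /\[CORRUPT\]/ { print $4 }'
}

# integrity_check_disabled: read loader.conf-style text on stdin and
# succeed (status 0) when kern.geom.part.check_integrity ends up as 0.
# The last assignment wins; comment lines are skipped.
integrity_check_disabled() {
    awk '
        /^[ \t]*#/ { next }
        {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            if (key != "kern.geom.part.check_integrity") next
            val = $0; sub(/^[^=]*=/, "", val); sub(/#.*/, "", val)
            gsub(/[ \t"]/, "", val)
            last = val
        }
        END { exit (last == "0" ? 0 : 1) }
    '
}

# audit_partition_integrity: $1 = `gpart show` output, $2 = loader.conf text.
# Prints one finding per line and returns 1 when anything was found.
audit_partition_integrity() {
    findings=0
    for geom in $(printf '%s\n' "$1" | corrupt_geoms); do
        echo "partition table on $geom is marked CORRUPT"
        findings=$((findings + 1))
    done
    if printf '%s\n' "$2" | integrity_check_disabled; then
        echo "integrity check is disabled: inconsistent metadata is ignored silently"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Sample input: the first geom is the one shown in the text above,
# the second (ada1) is constructed as a healthy counterpart.
sample_gpart_show() {
    printf '%s\n' \
        '=>        63  1953525104  mirror/gm0  MBR  (931G) [CORRUPT]' \
        '          63  1953525105           1  freebsd  [active]  (931G)' \
        '=>        34   976773101  ada1  GPT  (466G)' \
        '          34   976773101     1  freebsd-ufs  (466G)'
}

# Run the audit on the constructed sample when called as: sh script demo
if [ "${1:-}" = "demo" ]; then
    audit_partition_integrity "$(sample_gpart_show)" \
        'kern.geom.part.check_integrity="0"' || true
fi
```

<para>On a live system the two inputs would be the output of <command>gpart show</command> and the contents of <filename>/boot/loader.conf</filename>.</para>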
1480 <title>ATA/SATA subsystem now &man.cam.4;-based</title>
1482 <para>In &release.current;, the &os; ATA/SATA disk subsystem has
1483 been replaced with a new &man.cam.4;-based implementation.
1484 &man.cam.4; stands for Common Access Method, which is an
1485 implementation of an API set originally for SCSI-2 and
1486 standardized as "SCSI-2 Common Access Method Transport and
1487 SCSI Interface Module". &os; has used the &man.cam.4; subsystem
1488 to handle SCSI devices since 3.X.</para>
1490 <para>Although the new &man.cam.4;-based ATA/SATA subsystem
1491 provides various functionality which the old &man.ata.4; did
1492 not have, it also has some incompatibilities:</para>
<para>An ATA/SATA disk is now recognized as a device node
<devicename>ada<replaceable>0</replaceable></devicename>
instead of
<devicename>ad<replaceable>0</replaceable></devicename>.
Currently, a symbolic link
<filename>/dev/ad<replaceable>0</replaceable></filename>
is automatically generated for
<filename>/dev/ada<replaceable>0</replaceable></filename>
to keep backward compatibility. This symbolic link
generation can be controlled by the
<varname>kern.cam.ada.legacy_aliases</varname> variable (enabled
by default). You might want to update
<filename>/etc/fstab</filename> and/or consider using
volume labels (see &man.glabel.8; for more details) for
specifying each file system to be mounted.</para>
<para>The &man.atacontrol.8; utility cannot be used for
&man.cam.4;-based devices. The &man.camcontrol.8;
utility is a replacement.</para>
1521 <para>&man.ataraid.4; software RAID is now supported by the
1522 &man.graid.8; GEOM class. It generates a device node
1524 <filename>/dev/raid/r<replaceable>0</replaceable></filename>
1525 if you previously had
1526 <filename>/dev/ar<replaceable>0</replaceable></filename>.
1527 Note that this is not enabled by default. To enable it,
1528 enter the following line in the &man.loader.8; prompt:</para>
1530 <screen>set geom_raid_load="YES"
1533 <para>or add the following line to
1534 <filename>/boot/loader.conf</filename>:</para>
1536 <programlisting>geom_raid_load="YES"</programlisting>
1538 <para>and reboot the system. A symbolic link like
1539 <filename>/dev/ar<replaceable>0</replaceable></filename>
1540 will NOT be generated for
1541 <filename>/dev/raid/r<replaceable>0</replaceable></filename>.
1542 Therefore, if your system used
1543 <filename>/dev/ar<replaceable>0</replaceable></filename>
1544 as the root partition, mounting local file systems will
1545 fail because it is renamed to
1546 <filename>/dev/raid/r<replaceable>0</replaceable></filename>.
1547 You need to update <filename>/etc/fstab</filename>
1548 manually in that case.</para>
1552 <para>The &man.burncd.8; utility does not work with
1553 &man.cam.4;-based devices. Use the cdrecord(1) utility
1554 in <filename role="package">sysutils/cdrtools</filename>
1561 <title>Network Configuration Changes in
1562 <filename>/etc/rc.conf</filename></title>
1564 <para>Although variables in &man.rc.conf.5; are basically
1565 compatible with earlier releases, ones related to network
1566 configuration are changed because of reorganization of the
1567 &man.rc.8; scripts.</para>
1571 <para>An address configuration now always needs an address
1572 family keyword. For example, the following line</para>
1574 <programlisting>ifconfig_em0="192.168.2.1 netmask 255.255.255.0"</programlisting>
1576 <para>should be</para>
1578 <programlisting>ifconfig_em0="inet 192.168.2.1 netmask 255.255.255.0"</programlisting>
1580 <para>Although the old convention is still supported in
1581 the existing variables for backward compatibility, some
1582 new variables do not support it.</para>
1587 <varname>ifconfig_<replaceable>IF</replaceable>_alias<replaceable>0</replaceable></varname>
1588 variable now requires an address family keyword to
1589 support non-IPv4 address families. For instance,</para>
1591 <programlisting>ifconfig_em0_alias0="192.168.2.10 netmask 255.255.255.255"</programlisting>
1593 <para>should be</para>
1595 <programlisting>ifconfig_em0_alias0="inet 192.168.2.10 netmask 255.255.255.255"</programlisting>
1597 <para>Different address families can coexist like the
<programlisting>ifconfig_em0_alias0="inet 192.168.2.10 netmask 255.255.255.255"
ifconfig_em0_alias1="inet6 2001:db8:1::1 prefixlen 64"</programlisting>
1603 <para>Note that IPv6 alias configurations in
1604 <varname>ifconfig_<replaceable>IF</replaceable>_alias<replaceable>N</replaceable></varname>
1605 will be ignored when no
1606 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname>
1607 variable is defined because it determines whether IPv6
1608 functionality is enabled on that interface or not (this
1609 variable will be explained later).</para>
1613 <para>All alias and static routing configurations
1614 through &man.rc.conf.5; variables will be deactivated when
1615 invoking &man.rc.8; scripts or the &man.service.8; command
1616 with the <literal>stop</literal> keyword.</para>
1618 <screen>&prompt.root; service netif stop em0</screen>
1620 <para>stops the interface <literal>em0</literal>.</para>
1622 <screen>&prompt.root; service routing stop</screen>
1624 <para>deactivates all static route configurations.</para>
1626 <para>Releases prior to &os; &release.current; did not
1627 support this functionality properly for non-IPv4
1632 <para>IPv6 configuration handling has been changed in the
1633 following way. Before in-depth explanations, here is a
1634 before-and-after example. What was previously:</para>
<programlisting>ifconfig_em0="192.168.2.1 netmask 255.255.255.0"
ifconfig_em0_alias0="192.168.2.2 netmask 255.255.255.255"
ipv6_ifconfig_em0="2001:db8:1::1 prefixlen 64"
ipv6_ifconfig_em0_alias0="2001:db8:2::1 prefixlen 64"
# em1 uses SLAAC for IPv6 address configuration</programlisting>
1644 <para>should be in &release.current;:</para>
<programlisting>ifconfig_em0="inet 192.168.2.1 netmask 255.255.255.0"
ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64 accept_rtadv"
ifconfig_em0_alias0="inet 192.168.2.2 netmask 255.255.255.255"
ifconfig_em0_alias1="inet6 2001:db8:2::1 prefixlen 64"
ifconfig_em1_ipv6="inet6 accept_rtadv"</programlisting>
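<para>An existing <filename>/etc/rc.conf</filename> can be checked mechanically against the conventions in this section before upgrading. The following linter is an added example, not part of the &os; release notes or of the &man.rc.8; scripts; the function names, the message wording, and the assumptions that values are double-quoted and interface names contain no underscore are this example's own.</para>

```shell
#!/bin/sh
# Added example (not FreeBSD project code): flag rc.conf network settings
# that still follow the pre-9.0 conventions described in this section.
# Assumes double-quoted values and interface names without underscores.

# rcconf_net_lint: read rc.conf text on stdin and print
# "LINE: VARIABLE: message" per finding. A clean file prints nothing.
rcconf_net_lint() {
    awk '
    function report(n, v, m) { printf "%d: %s: %s\n", n, v, m }
    /^[ \t]*#/ || !/=/ { next }
    {
        name = $0; sub(/=.*/, "", name); gsub(/[ \t]/, "", name)
        val = $0; sub(/^[^=]*=/, "", val)
        sub(/^[ \t"]+/, "", val); sub(/".*$/, "", val)

        if (name == "ipv6_enable") {
            report(NR, name, "deprecated, IPv6 is enabled by default")
        } else if (name ~ /^ipv6_ifconfig_/) {
            report(NR, name, "old form, use ifconfig_IF_ipv6 or an inet6 ifconfig_IF_aliasN")
        } else if (name ~ /^ifconfig_[A-Za-z0-9]+(_alias[0-9]+)?$/ && val ~ /^[0-9]+\.[0-9]+\./) {
            report(NR, name, "address family keyword missing, start the value with inet")
        }

        # Remember which interfaces define ifconfig_IF_ipv6 and which
        # aliases carry an inet6 address, for the cross-check in END.
        ifn = name; sub(/^ifconfig_/, "", ifn)
        if (name ~ /^ifconfig_[A-Za-z0-9]+_ipv6$/) {
            sub(/_ipv6$/, "", ifn); has6[ifn] = 1
        } else if (name ~ /^ifconfig_[A-Za-z0-9]+_alias[0-9]+$/ && val ~ /^inet6([ \t]|$)/) {
            sub(/_alias[0-9]+$/, "", ifn); alias_if[NR] = ifn; alias_var[NR] = name
        }
    }
    END {
        # An inet6 alias is ignored unless ifconfig_IF_ipv6 is defined.
        for (i = 1; i <= NR; i++)
            if ((i in alias_if) && !(alias_if[i] in has6))
                report(i, alias_var[i], "inet6 alias ignored, ifconfig_" alias_if[i] "_ipv6 is not defined")
    }
    '
}

# Constructed samples modelled on the before-and-after listings above.
sample_old_rcconf() {
    printf '%s\n' \
        'ifconfig_em0="192.168.2.1 netmask 255.255.255.0"' \
        'ifconfig_em0_alias0="192.168.2.2 netmask 255.255.255.255"' \
        'ipv6_enable="YES"' \
        'ipv6_ifconfig_em0="2001:db8:1::1 prefixlen 64"' \
        'ipv6_ifconfig_em0_alias0="2001:db8:2::1 prefixlen 64"'
}

sample_new_rcconf() {
    printf '%s\n' \
        'ifconfig_em0="inet 192.168.2.1 netmask 255.255.255.0"' \
        'ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64 accept_rtadv"' \
        'ifconfig_em0_alias0="inet 192.168.2.2 netmask 255.255.255.255"' \
        'ifconfig_em0_alias1="inet6 2001:db8:2::1 prefixlen 64"' \
        'ifconfig_em1_ipv6="inet6 accept_rtadv"'
}

# Lint the old-style sample when called as: sh script demo
if [ "${1:-}" = "demo" ]; then
    sample_old_rcconf | rcconf_net_lint
fi
```

<para>Values such as <literal>DHCP</literal> are not flagged, because only a value that begins with a bare IPv4 address is treated as an address configuration without a family keyword.</para>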
1653 <para>More specific explanations of the changes are as
1658 <para>The <varname>ipv6_enable</varname> variable is
1659 deprecated. IPv6 functionality on the system is
1660 enabled by default. No IPv6 communication will
1661 happen if you configure no IPv6 address.</para>
<para>&release.current; now supports intermediate
configurations between a host and a router IPv6
node. The <varname>ipv6_enable</varname> variable
assumed that the system was a host node when
<varname>ipv6_gateway_enable</varname> was set to
<literal>NO</literal> (default), and a router node
if not. A host node always accepted ICMPv6 Router
Advertisement messages, and a router did not.</para>
1672 <para>In &release.current;, this model is still
1673 applied but on a per-interface basis, not a
1674 system-wide basis. Specifically, if an interface has
1675 an <literal>ACCEPT_RTADV</literal> flag, RA messages
1676 will be accepted on that interface for SLAAC
1677 (StateLess Address AutoConfiguration) regardless of
1678 whether the packet forwarding is enabled or
<para>In addition, a per-interface flag
<literal>NO_RADR</literal> and a &man.sysctl.8;
variable <varname>net.inet6.ip6.rfc6204w3</varname>
have been added. These control whether the default
router list information received via RA messages on an
RA-accepting interface should be ignored or not. In
the IPv6 router model, a router is not supposed to accept
RA messages as an information source for the default
router list. Because of that, &os; &release.current;
ignores the default router list part when IPv6
packet forwarding is enabled, even if the interface
has an <literal>ACCEPT_RTADV</literal> flag. However,
this can make for a difficult situation when the system
has to work as a CPE (Customer Premises Equipment)
which needs RA messages from the upstream network
for network configuration and acts as a router for
the LAN simultaneously. For more information about
this kind of configuration, see RFC 6204.</para>
<para>To support this kind of configuration, the
<varname>ipv6_cpe_wanif</varname> variable in
&man.rc.conf.5; can be used.</para>
<programlisting>ipv6_gateway_enable="YES"
ipv6_cpe_wanif="em0"</programlisting>
<para>means the <literal>em0</literal> interface
accepts RA messages and the default router
information in them, and the other interfaces ignore
the default router information part even when
the <literal>ACCEPT_RTADV</literal> flag is set on
<para><varname>ipv6_cpe_wanif</varname> handling internally
sets the <varname>net.inet6.ip6.rfc6204w3</varname>
and the <varname>net.inet6.ip6.no_radr</varname>
&man.sysctl.8; variables to <literal>1</literal>.
Note that both are set to <literal>0</literal> by
default. When the former is set to
<literal>1</literal>, &os; accepts the default
router list even when IPv6 packet forwarding is
enabled. Note that a system administrator needs to
set a <literal>NO_RADR</literal> flag on the other
RA-accepting interfaces, if any, to prevent them from
accepting unexpected default router information.
The latter variable means the <literal>NO_RADR</literal> flag is automatically
<para>If <literal>ipv6_enable="YES"</literal> is
defined in &os; &release.current;, it sets
<literal>ipv6_activate_all_interfaces="YES"</literal>
in <filename>/etc/rc.conf</filename> and the
<literal>inet6 accept_rtadv</literal>
&man.ifconfig.8; option on all network interfaces.
Note that this is only for backward compatibility.
The <varname>ipv6_enable</varname> variable should not be
used in &os; &release.current;.</para>
<varname>ipv6_ifconfig_<replaceable>IF</replaceable></varname>
variable is renamed to
<varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname>.
This variable controls whether IPv6 functionality
should be enabled on that interface or not. If
<varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname>
is not set, there is no IPv6 functionality on the interface
<replaceable>IF</replaceable>.</para>
<varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname> variable
always needs the address family keyword
<literal>inet6</literal>. If you need an automatic
link-local address only, the following line is enough:</para>
<programlisting>ifconfig_em0_ipv6="inet6 auto_linklocal"</programlisting>
<para>If you need full-blown IPv6 functionality on all
interfaces as in prior releases with
<literal>ipv6_enable="YES"</literal>, including ones
<varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname>
line, you might want to use the
<varname>ipv6_activate_all_interfaces</varname>
variable as explained later.</para>
<para>If <literal>ipv6_ifconfig_<replaceable>IF</replaceable>="..."</literal> is
defined in &os; &release.current;, it means
<literal>ifconfig_<replaceable>IF</replaceable>_ipv6="inet6 ..."</literal>.
Note that this is only for backward compatibility.
The <literal>inet6</literal> address family keyword
is required for <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname>,
but was NOT required for
<varname>ipv6_ifconfig_<replaceable>IF</replaceable></varname>. The
<varname>ipv6_ifconfig_<replaceable>IF</replaceable></varname> variables should not be
used in &release.current;.</para>
<para>An interface with no corresponding
<varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname> variable is
marked with an <literal>IFDISABLED</literal> flag by
the &man.devd.8; daemon. This flag means IPv6
communication is disabled on that interface. This
can also be found in the output of
&man.ifconfig.8;:</para>
<screen>&prompt.user; ifconfig em0
em0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; metric 0 mtu 1500
options=9b&lt;RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM&gt;
ether xx:xx:xx:xx:xx:xx
inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
nd6 options=3&lt;PERFORMNUD,IFDISABLED,ACCEPT_RTADV&gt;
media: Ethernet autoselect (1000baseT &lt;full-duplex&gt;)
<para>To enable IPv6 functionality, this flag should
be removed first. There are several ways to do so.
Adding an IPv6 address automatically removes this
flag. It is possible to remove this flag explicitly
by using the following command:</para>
<screen>&prompt.root; ifconfig em0 inet6 -ifdisabled</screen>
<para>Note that defining an
<varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname> variable is the most
reasonable way to activate IPv6 functionality on
that interface. The <literal>IFDISABLED</literal>
flag exists to prevent unintended IPv6 communication
in an IPv4-only environment even when the interface
has an IPv6 link-local address. If you need
full-blown IPv6 functionality on all interfaces, you
might want to use the
<varname>ipv6_activate_all_interfaces</varname>
variable as explained later.</para>
<para>The &man.sysctl.8; variable
<varname>net.inet6.ip6.accept_rtadv</varname> has
been changed. It was a system-wide configuration
knob which controlled whether the system accepted ICMPv6
Router Advertisement messages or not. In
&os; &release.current;, this knob is converted into a
per-interface <literal>inet6 accept_rtadv</literal>
&man.ifconfig.8; option. Although the
&man.sysctl.8; variable is still available in
&os; &release.current;, it now controls whether the
per-interface option is set by default or not. The
default value is <literal>0</literal> (do not accept
RA messages).</para>
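<para>As an added example (not part of the original release notes or of the &os; sources), the shell functions below classify interfaces by the <literal>nd6</literal> flags described above, reading &man.ifconfig.8; output on standard input, and list RA-accepting interfaces other than the intended WAN interface that lack <literal>NO_RADR</literal>. The function names and the sample output are constructed for illustration. Whether default router information is actually used also depends on packet forwarding and <varname>net.inet6.ip6.rfc6204w3</varname>, as explained above.</para>

```shell
#!/bin/sh
# Classify interfaces by the nd6 flags in `ifconfig` output (read on stdin).
# Prints "<ifname> <state>" where state is one of:
#   disabled    IFDISABLED set: IPv6 communication is disabled
#   no-ra       ACCEPT_RTADV clear
#   ra-no-radr  ACCEPT_RTADV and NO_RADR set
#   ra          ACCEPT_RTADV set, NO_RADR clear
nd6_audit() {
    awk '
    /^[A-Za-z0-9_.]+: flags=/ { ifname = $1; sub(/:$/, "", ifname); next }
    /nd6 options=/ {
        flags = ""
        if (match($0, /<[^>]*>/)) flags = substr($0, RSTART + 1, RLENGTH - 2)
        n = split(flags, f, ",")
        ra = 0; dis = 0; noradr = 0
        for (i = 1; i <= n; i++) {
            if (f[i] == "ACCEPT_RTADV") ra = 1
            if (f[i] == "IFDISABLED")   dis = 1
            if (f[i] == "NO_RADR")      noradr = 1
        }
        if (dis)         state = "disabled"
        else if (!ra)    state = "no-ra"
        else if (noradr) state = "ra-no-radr"
        else             state = "ra"
        print ifname, state
    }'
}

# Interfaces other than the WAN interface ($1) that accept RAs without
# NO_RADR, i.e. candidates for unexpected default router information.
unexpected_radr() {
    nd6_audit | awk -v wan="$1" '$2 == "ra" && $1 != wan { print $1 }'
}

# Constructed sample output (not captured from a real host).
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	nd6 options=63<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL,NO_RADR>
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
EOF
}

sample_ifconfig | nd6_audit
```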
<para>The &man.sysctl.8; variable
<varname>net.inet6.ip6.auto_linklocal</varname> has
been changed. It was a system-wide configuration
knob which controlled whether an IPv6 link-local address
was generated on a network interface when it came
up. In &os; &release.current;, this knob is converted
into a per-interface <literal>inet6
auto_linklocal</literal> &man.ifconfig.8; option.
Although the &man.sysctl.8; variable is still available
in &os; &release.current;, it now controls whether the
per-interface option is set by default or not. The
default value is <literal>1</literal> (generate a
link-local address automatically).</para>
<para>The functionality of
<varname>ipv6_ifconfig_<replaceable>IF</replaceable>_alias<replaceable>0</replaceable></varname>
<varname>ifconfig_<replaceable>IF</replaceable>_alias<replaceable>0</replaceable></varname>.
Note that address family keywords are always required:</para>
<programlisting>ifconfig_em0_alias0="inet 192.168.2.10 netmask 255.255.255.255"
ifconfig_em0_alias1="inet6 2001:db8:1::1 prefixlen 64"</programlisting>
<varname>ipv6_ifconfig_<replaceable>IF</replaceable>_alias<replaceable>N</replaceable></varname>
is still usable in &os; &release.current;, it is only for
backward compatibility.</para>
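<para>The variable renames described above (<varname>ipv6_enable</varname>, <varname>ipv6_ifconfig_<replaceable>IF</replaceable></varname>, <varname>ipv6_ifconfig_<replaceable>IF</replaceable>_alias<replaceable>N</replaceable></varname>, and the mandatory <literal>inet6</literal> keyword), as an added example that is not part of the original release notes or of the &os; rc scripts: a shell function that rewrites a legacy <filename>rc.conf</filename> read on standard input. The function names and the sample input are constructed. As assumptions of this example, new alias indexes are assigned after the highest <varname>ifconfig_<replaceable>IF</replaceable>_alias<replaceable>N</replaceable></varname> already present, and <varname>ipv6_enable</varname> is replaced by a comment rather than by <literal>accept_rtadv</literal> on every interface, so RA acceptance stays an explicit per-interface choice.</para>

```shell
#!/bin/sh
# Rewrite legacy IPv6 rc.conf variables (stdin) into the per-interface form.
rc_ipv6_migrate() {
    awk '
    # Value of an rc.conf assignment with the surrounding quotes removed.
    function val(s) { sub(/^[^=]*="?/, "", s); sub(/"[ \t]*$/, "", s); return s }
    # Interface name: third "_"-separated field when legacy, else the second.
    function ifn(s, legacy,   p) { split(s, p, "[_=]"); return legacy ? p[3] : p[2] }
    { line[NR] = $0 }
    # Track the first free new-style alias index on each interface.
    /^ifconfig_[a-z0-9]+_alias[0-9]+=/ {
        split($0, p, "[_=]"); i = substr(p[3], 6) + 0
        if (!(p[2] in free_idx) || i >= free_idx[p[2]]) free_idx[p[2]] = i + 1
    }
    END {
        for (n = 1; n <= NR; n++) {
            s = line[n]
            if (s ~ /^ipv6_enable=/) {
                print "# ipv6_enable is deprecated: configure ifconfig_IF_ipv6 per interface"
            } else if (s ~ /^ipv6_ifconfig_[a-z0-9]+_alias[0-9]+=/) {
                ifc = ifn(s, 1)
                printf "ifconfig_%s_alias%d=\"inet6 %s\"\n", ifc, free_idx[ifc]++, val(s)
            } else if (s ~ /^ipv6_ifconfig_[a-z0-9]+=/) {
                printf "ifconfig_%s_ipv6=\"inet6 %s\"\n", ifn(s, 1), val(s)
            } else if (s ~ /^ifconfig_[a-z0-9]+_ipv6=/ && val(s) !~ /^inet6( |$)/) {
                # The address family keyword is mandatory in the new variable.
                printf "ifconfig_%s_ipv6=\"inet6 %s\"\n", ifn(s, 0), val(s)
            } else print s
        }
    }'
}

# Constructed legacy configuration (not taken from the release notes).
sample_legacy_rc_conf() {
    cat <<'EOF'
ipv6_enable="YES"
ifconfig_em0="inet 192.168.2.1 netmask 255.255.255.0"
ipv6_ifconfig_em0="2001:db8:1::1 prefixlen 64"
ifconfig_em0_alias0="inet 192.168.2.2 netmask 255.255.255.255"
ipv6_ifconfig_em0_alias0="2001:db8:2::1 prefixlen 64"
ifconfig_em1_ipv6="accept_rtadv"
EOF
}

sample_legacy_rc_conf | rc_ipv6_migrate
```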
<varname>ipv6_activate_all_interfaces</varname> variable
has been added. If this variable is set to
<literal>YES</literal>, the <literal>IFDISABLED</literal>
option will not be added even if
<varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname> variables are not
defined. This can prevent <literal>IFDISABLED</literal>
on dynamically-added interfaces such as &man.ppp.4;,
&man.tap.4;, and &man.ng.iface.4; where defining
<varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname> in advance is
<title>Openresolv and <filename>/etc/resolv.conf</filename></title>
<para>The &man.resolvconf.8; utility has been added and it now
handles updating the &man.resolv.conf.5; file. Direct
modifications to <filename>/etc/resolv.conf</filename> can
be overwritten by network configuration utilities such as
&man.dhclient.8; and &man.rtsold.8;.</para>
<title>Disk Partition Management Utilities</title>
<para>In earlier releases various utilities were available to
manage disk partition information. They are deprecated in
favor of the &man.gpart.8; utility. Specifically, the
&man.fdisk.8;, &man.disklabel.8;, &man.bsdlabel.8;, and
&man.sunlabel.8; utilities are no longer actively supported,
though they are still available for backward
compatibility.</para>