1 <?xml version="1.0" encoding="iso-8859-1" standalone="no"?>
2 <!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook XML V4.2-Based Extension//EN" [
3 <!ENTITY % entities PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Entity Set//EN">
6 <!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
12 <title>&os; &release.current; Release Notes</title>
14 <corpauthor>The &os; Project</corpauthor>
16 <pubdate>$FreeBSD$</pubdate>
20 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
23 <legalnotice id="trademarks" role="trademarks">
33 <para>The release notes for &os; &release.current; contain a summary
34 of the changes made to the &os; base system on the
35 &release.branch; development line.
36 This document lists applicable security advisories that were issued since
37 the last release, as well as significant changes to the &os;
39 Some brief remarks on upgrading are also presented.</para>
44 <title>Introduction</title>
46 <para>This document contains the release notes for &os;
48 describes recently added, changed, or deleted features of &os;.
49 It also provides some notes on upgrading
50 from previous versions of &os;.</para>
52 <para>This distribution of &os; &release.current; is a
53 &release.type; distribution. It can be found at <ulink
54 url="&release.url;"></ulink> or any of its mirrors. More
55 information on obtaining this (or other) &release.type;
56 distributions of &os; can be found in the <ulink
57 url="&url.books.handbook;/mirrors.html"><quote>Obtaining
58 &os;</quote> appendix</ulink> to the <ulink
59 url="&url.books.handbook;/">&os;
60 Handbook</ulink>.</para>
62 <para>All users are encouraged to consult the release errata before
63 installing &os;. The errata document is updated with
64 <quote>late-breaking</quote> information discovered late in the
65 release cycle or after the release. Typically, it contains
66 information on known bugs, security advisories, and corrections to
67 documentation. An up-to-date copy of the errata for &os;
68 &release.current; can be found on the &os; Web site.</para>
73 <title>What's New</title>
75 <para>This section describes
76 the most user-visible new or changed features in &os;
77 since &release.prev;.</para>
79 <para>Typical release note items
80 document recent security advisories issued after
82 new drivers or hardware support, new commands or options,
83 major bug fixes, or contributed software upgrades. They may also
84 list changes to major ports/packages or release engineering
85 practices. Clearly the release notes cannot list every single
86 change made to &os; between releases; this document focuses
87 primarily on security advisories, user-visible changes, and major
88 architectural improvements.</para>
91 <title>Security Advisories</title>
93 <para>Problems described in the following security advisories have
94 been fixed. For more information, consult the individual
95 advisories available from
96 <ulink url="http://security.FreeBSD.org/"></ulink>.</para>
98 <informaltable frame="none" pgwide="1">
100 <colspec colwidth="1*"/>
101 <colspec colwidth="1*"/>
102 <colspec colwidth="3*"/>
105 <entry>Advisory</entry>
113 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:01.mountd.asc"
114 >SA-11:01.mountd</ulink></entry>
115 <entry>20 April 2011</entry>
116 <entry><para>Network ACL mishandling in &man.mountd.8;</para></entry>
120 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:02.bind.asc"
121 >SA-11:02.bind</ulink></entry>
122 <entry>28 May 2011</entry>
123 <entry><para>BIND remote DoS with large RRSIG RRsets and negative
124 caching</para></entry>
128 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:04.compress.asc"
129 >SA-11:04.compress</ulink></entry>
130 <entry>28 September 2011</entry>
131 <entry><para>Errors handling corrupt compress file in
132 &man.compress.1; and &man.gzip.1;</para></entry>
136 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc"
137 >SA-11:05.unix</ulink></entry>
138 <entry>28 September 2011</entry>
139 <entry><para>Buffer overflow in handling of UNIX socket
140 addresses</para></entry>
144 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:06.bind.asc"
145 >SA-11:06.bind</ulink></entry>
146 <entry>23 December 2011</entry>
147 <entry><para>Remote packet Denial of Service against &man.named.8;
148 servers</para></entry>
152 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:07.chroot.asc"
153 >SA-11:07.chroot</ulink></entry>
154 <entry>23 December 2011</entry>
155 <entry><para>Code execution via chrooted ftpd</para></entry>
159 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc"
160 >SA-11:08.telnetd</ulink></entry>
161 <entry>23 December 2011</entry>
162 <entry><para>telnetd code execution vulnerability</para></entry>
166 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:09.pam_ssh.asc"
167 >SA-11:09.pam_ssh</ulink></entry>
168 <entry>23 December 2011</entry>
169 <entry><para>pam_ssh improperly grants access when user account has
170 unencrypted SSH private keys</para></entry>
174 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:10.pam.asc"
175 >SA-11:10.pam</ulink></entry>
176 <entry>23 December 2011</entry>
177 <entry><para><function>pam_start()</function> does not validate
178 service names</para></entry>
186 <title>Kernel Changes</title>
188 <para revision="219129">The &os; kernel now supports Capsicum
189 Capability Mode. Capsicum is a set of features for sandboxing
190 support, using a capability model in which the capabilities
191 are file descriptors. Two new kernel options
192 <literal>CAPABILITIES</literal> and
193 <literal>CAPABILITY_MODE</literal> have been added to the
194 <filename>GENERIC</filename> kernel. For more information
195 about Capsicum, see <ulink
196 url="http://www.cl.cam.ac.uk/research/security/capsicum/"></ulink>.</para>
198 <para revision="219559,219561" arch="amd64,i386">The &os;
199 &man.dtrace.1; framework now supports
200 <literal>systrace</literal> for system calls of
201 <literal>linux32</literal> and <literal>freebsd32</literal> on
202 &os;/&arch.amd64;. Two new
203 <filename>systrace_linux32</filename> and
204 <filename>systrace_freebsd32</filename> kernel modules provide
205 support for tracing compat system calls in addition to the native
206 system call tracing provided by the
207 <filename>systrace</filename> module.</para>
209 <para revision="217152,217396" arch="amd64,i386,powerpc">The
210 &os; ELF image activator now supports the
211 <literal>PT_GNU_STACK</literal> program header. This is
212 disabled by default. New &man.sysctl.8; variables
213 <varname>kern.elf32.nxstack</varname> and
214 <varname>kern.elf64.nxstack</varname> allow enabling
215 <literal>PT_GNU_STACK</literal> for the specified ABIs
216 (e.g. <literal>elf32</literal> for 32-bit ABI).</para>
218 <para revision="216758,216615">The &man.hhook.9; (Helper Hook)
219 and &man.khelp.9; (Kernel Helpers) KPIs have been implemented.
220 These are a kind of superset of &man.pfil.9; framework for
221 more general use in the kernel. The &man.hhook.9; KPI
222 provides a way for kernel subsystems to export hook points
223 that &man.khelp.9; modules can hook to provide enhanced or new
224 functionality to the kernel. The &man.khelp.9; KPI provides a
225 framework for managing &man.khelp.9; modules, which indirectly
226 use the &man.hhook.9; KPI to register their hook functions
227 with hook points of interest within the kernel. These allow a
228 structured way to dynamically extend the kernel at runtime in
229 an ABI preserving manner.</para>
231 <para revision="224516" arch="amd64,i386,pc98">A &man.loader.8;
232 tunable <varname>hw.memtest.tests</varname> has been added.
233 This controls whether to perform memory testing at boot time
234 or not. The default value is <literal>1</literal> (perform a
237 <para revision="220137">A new resource accounting API has been
238 implemented. It can keep per-process, per-jail, and
239 per-loginclass resource accounting information. Note that
240 this is not built nor installed by default. To build and
241 install them, specify <literal>options RACCT</literal> in the
242 kernel configuration file and rebuild the base system as
243 described in the <ulink
244 url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html">&os;
245 Handbook</ulink>.</para>
247 <para revision="220163">A new resource-limiting API has been
248 implemented. It works in conjunction with the
249 <literal>RACCT</literal> resource accounting implementation
250 and takes user-configurable actions based on the set of rules
251 it maintains and the current resource usage. The &man.rctl.8;
252 utility has been added to manage the rules in userland. Note
253 that this is not built nor installed by default. To build and
254 install them, specify <literal>options RCTL</literal> in the
255 kernel configuration file and rebuild the base system as
256 described in the <ulink
257 url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html">&os;
258 Handbook</ulink>.</para>
260 <para revision="220031">The &man.sendmsg.2; and &man.recvmsg.2;
261 system calls in the &os; Linux ABI compatibility have been
264 <para revision="219999">The &man.open.2; and &man.fhopen.2;
265 system calls now support the <literal>O_CLOEXEC</literal> flag,
266 which allows setting the <literal>FD_CLOEXEC</literal> flag for the
267 newly created file descriptor. This is standardized in IEEE
268 Std 1003.1-2008 (POSIX, Single UNIX Specification Version
271 <para revision="220791">The &man.posix.fallocate.2; system call has
272 been implemented. This is a function in POSIX to ensure that
273 a part of the storage for regular file data is allocated on the
274 file system storage media.</para>
276 <para revision="219304">Two new system calls
277 <function>setloginclass(2)</function> and
278 <function>getloginclass(2)</function> have been added. This
279 makes it possible for the kernel to track the login class a
280 process is assigned to, which is required for the
281 <literal>RCTL</literal> resource limiting framework.</para>
283 <para revision="220238" arch="amd64">&os; now supports executing
284 &os; 1/&arch.i386; a.out binaries on &os;/&arch.amd64;. Note
285 that this is not built nor installed by default. To build and
286 install them, specify <literal>options COMPAT_43</literal> in
287 the kernel configuration file and rebuild the base system as
288 described in the <ulink
289 url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html">&os;
290 Handbook</ulink>.</para>
292 <para revision="218485,219028,219029">The following
293 &man.sysctl.8; variables have been added to show the availability
294 of various kernel features:</para>
296 <informaltable frame="none" pgwide="1">
298 <colspec colwidth="1*"/>
299 <colspec colwidth="3*"/>
302 <entry>&man.sysctl.8; variable name</entry>
303 <entry>Description</entry>
309 <entry><varname>kern.features.ufs_acl</varname></entry>
310 <entry>ACL (Access Control List) support in UFS</entry>
314 <entry><varname>kern.features.ufs_gjournal</varname></entry>
315 <entry>journaling support through &man.gjournal.8; for
320 <entry><varname>kern.features.ufs_quota</varname></entry>
321 <entry>UFS disk quotas support</entry>
325 <entry><varname>kern.features.ufs_quota64</varname></entry>
326 <entry>64-bit UFS disk quotas support</entry>
330 <entry><varname>kern.features.softupdates</varname></entry>
331 <entry>FFS soft-updates support</entry>
335 <entry><varname>kern.features.ffs_snapshot</varname></entry>
336 <entry>FFS snapshot support</entry>
340 <entry><varname>kern.features.nfsclient</varname></entry>
341 <entry>NFS client (old implementation)</entry>
345 <entry><varname>kern.features.nfscl</varname></entry>
346 <entry>NFS client (new implementation)</entry>
350 <entry><varname>kern.features.nfsserver</varname></entry>
351 <entry>NFS server (old implementation)</entry>
355 <entry><varname>kern.features.nfsd</varname></entry>
356 <entry>NFS server (new implementation)</entry>
360 <entry><varname>kern.features.kdtrace_hooks</varname></entry>
361 <entry>Kernel DTrace hooks which are required to load
362 DTrace kernel modules</entry>
366 <entry><varname>kern.features.ktr</varname></entry>
367 <entry>Kernel support for KTR kernel tracing facility</entry>
371 <entry><varname>kern.features.ktrace</varname></entry>
372 <entry>Kernel support for system call tracing</entry>
376 <entry><varname>kern.features.hwpmc_hooks</varname></entry>
377 <entry>Kernel support for HW PMC</entry>
381 <entry><varname>kern.features.sysv_msg</varname></entry>
382 <entry>System V message queues support</entry>
386 <entry><varname>kern.features.sysv_sem</varname></entry>
387 <entry>System V semaphores support</entry>
391 <entry><varname>kern.features.p1003_1b_mqueue</varname></entry>
392 <entry>POSIX P1003.1B message queues support</entry>
396 <entry><varname>kern.features.p1003_1b_semaphores</varname></entry>
397 <entry>POSIX P1003.1B semaphores support</entry>
401 <entry><varname>kern.features.kposix_priority_scheduling</varname></entry>
402 <entry>POSIX P1003.1B real-time extensions</entry>
406 <entry><varname>kern.features.stack</varname></entry>
407 <entry>Support for capturing the kernel stack</entry>
411 <entry><varname>kern.features.sysv_shm</varname></entry>
412 <entry>System V shared memory segments support</entry>
416 <entry><varname>kern.features.pps_sync</varname></entry>
417 <entry>Support usage of external PPS signal by kernel PLL</entry>
421 <entry><varname>kern.features.regression</varname></entry>
422 <entry>Kernel support for interfaces necessary for
423 regression testing</entry>
427 <entry><varname>kern.features.invariant_support</varname></entry>
428 <entry>Support for modules compiled with the INVARIANTS option</entry>
432 <entry><varname>kern.features.zero_copy_sockets</varname></entry>
433 <entry>Zero copy sockets support</entry>
437 <entry><varname>kern.features.libmchain</varname></entry>
438 <entry>mchain library</entry>
442 <entry><varname>kern.features.scbus</varname></entry>
443 <entry>SCSI devices support</entry>
447 <entry><varname>kern.features.mac</varname></entry>
448 <entry>Mandatory Access Control Framework support</entry>
452 <entry><varname>kern.features.audit</varname></entry>
453 <entry>BSM audit support</entry>
457 <entry><varname>kern.features.geom_gate</varname></entry>
458 <entry>GEOM Gate module</entry>
462 <entry><varname>kern.features.geom_uzip</varname></entry>
463 <entry>GEOM uzip read-only compressed disks support</entry>
467 <entry><varname>kern.features.geom_cache</varname></entry>
468 <entry>GEOM cache module</entry>
472 <entry><varname>kern.features.geom_mirror</varname></entry>
473 <entry>GEOM mirroring support</entry>
477 <entry><varname>kern.features.geom_stripe</varname></entry>
478 <entry>GEOM striping support</entry>
482 <entry><varname>kern.features.geom_concat</varname></entry>
483 <entry>GEOM concatenation support</entry>
487 <entry><varname>kern.features.geom_raid3</varname></entry>
488 <entry>GEOM RAID-3 functionality</entry>
492 <entry><varname>kern.features.geom_fox</varname></entry>
493 <entry>GEOM FOX redundant path mitigation support</entry>
497 <entry><varname>kern.features.geom_multipath</varname></entry>
498 <entry>GEOM multipath support</entry>
502 <entry><varname>kern.features.g_virstor</varname></entry>
503 <entry>GEOM virtual storage support</entry>
507 <entry><varname>kern.features.geom_bde</varname></entry>
508 <entry>GEOM-based Disk Encryption</entry>
512 <entry><varname>kern.features.geom_eli</varname></entry>
513 <entry>GEOM crypto module</entry>
517 <entry><varname>kern.features.geom_journal</varname></entry>
518 <entry>GEOM journaling support</entry>
522 <entry><varname>kern.features.geom_shsec</varname></entry>
523 <entry>GEOM shared secret device support</entry>
527 <entry><varname>kern.features.geom_vol</varname></entry>
528 <entry>GEOM support for volume names from UFS superblocks</entry>
532 <entry><varname>kern.features.geom_label</varname></entry>
533 <entry>GEOM labeling support</entry>
537 <entry><varname>kern.features.geom_sunlabel</varname></entry>
538 <entry>GEOM Sun/Solaris partitioning support</entry>
542 <entry><varname>kern.features.geom_bsd</varname></entry>
543 <entry>GEOM BSD disklabels support</entry>
547 <entry><varname>kern.features.geom_pc98</varname></entry>
548 <entry>GEOM NEC PC9800 partitioning support</entry>
552 <entry><varname>kern.features.geom_linux_lvm</varname></entry>
553 <entry>GEOM Linux LVM partitioning support</entry>
557 <entry><varname>kern.features.geom_part_pc98</varname></entry>
558 <entry>GEOM partitioning class for PC-9800 disk partitions</entry>
562 <entry><varname>kern.features.geom_part_vtoc8</varname></entry>
563 <entry>GEOM partitioning class for SMI VTOC8 disk labels</entry>
567 <entry><varname>kern.features.geom_part_bsd</varname></entry>
568 <entry>GEOM partitioning class for BSD disklabels</entry>
572 <entry><varname>kern.features.geom_part_ebr</varname></entry>
573 <entry>GEOM partitioning class for extended boot records support</entry>
577 <entry><varname>kern.features.geom_part_ebr_compat</varname></entry>
578 <entry>GEOM EBR partitioning class:
579 backward-compatible partition names</entry>
583 <entry><varname>kern.features.geom_part_gpt</varname></entry>
584 <entry>GEOM partitioning class for GPT partitions
589 <entry><varname>kern.features.geom_part_apm</varname></entry>
590 <entry>GEOM partitioning class for Apple-style
595 <entry><varname>kern.features.geom_part_mbr</varname></entry>
596 <entry>GEOM partitioning class for MBR support</entry>
603 <title>Boot Loader Changes</title>
605 <para revision="222417">The default boot loader menu has been
608 <para revision="219541" arch="ia64">The &man.loader.8; loader
609 now supports PBVM (Pre-Boot Virtual Memory). This allows
610 linking the kernel at a fixed virtual address without having to
611 make any assumptions about the physical memory layout. The
612 PBVM also allows fine control of the address where the
613 kernel and its modules are to be loaded.</para>
617 <title>Hardware Support</title>
619 <para revision="217044" arch="powerpc">&os;/powerpc now
620 supports Sony Playstation 3 using the OtherOS feature
621 available on firmwares 3.15 and earlier.</para>
623 <para revision="219473,220577">A new &man.loader.8; tunable
624 <varname>machdep.disable_tsc</varname> has been added.
625 Setting this to a non-zero value disables use of TSC (Time
626 Stamp Counter) by turning off boot-time CPU frequency
627 calibration, DELAY(9) with TSC, and using TSC as a CPU
628 ticker. Another new &man.loader.8; tunable
629 <varname>machdep.disable_tsc_calibration</varname> allows to
630 skip the TSC frequency calibration only. This is useful when
631 one wants to use the nominal frequency of the chip in Intel
632 processors, for example.</para>
634 <para revision="223098" arch="amd64,i386">The &os; &man.usb.4;
635 subsystem now supports USB 3.0 by default.</para>
637 <para revision="215649">The &os; &man.usb.4; subsystem now
638 supports USB packet filter. This allows to capture packets
639 which go through each USB host controller. The
640 implementation is almost based on &man.bpf.4; code.
641 The userland program &man.usbdump.8; has been added.</para>
644 <title>Network Interface Support</title>
646 <para revision="217649">A bug in the &man.alc.4; driver which
647 could make AR8152-based network interfaces stop working
648 has been fixed.</para>
650 <para revision="219647">A bxe(4) driver for Broadcom
651 NetXtreme II 10GbE controllers (BCM57710, BCM57711,
652 BCM57711E) has been added.</para>
654 <para revision="220009">The &man.cxgb.4; driver has been
655 updated to version 7.11.0.</para>
657 <para revision="218794">A &man.cxgbe.4; driver for Chelsio
658 T4 (Terminator 4) based 10Gb/1Gb adapters has been
661 <para revision="218832" arch="i386">The &man.dc.4; driver
662 now works correctly in kernels with the
663 <option>PAE</option> option.</para>
665 <para revision="219753">The &man.em.4; driver has been
666 updated to version 7.3.2.</para>
668 <para revision="223350">The &man.igb.4; driver has been
669 updated to version 2.2.5.</para>
671 <para revision="218530">The &man.igb.4; driver now supports
672 Intel I350 PCIe Gigabit Ethernet controllers.</para>
674 <para revision="217593">The &man.ixgbe.4; driver has been
675 updated to version 2.3.8.</para>
677 <para revision="220892">Firmware images in the &man.iwn.4;
678 driver for 1000, 5000, 6000, and 6500 series cards have been
681 <para revision="216860">A bug in the &man.msk.4; driver has been
682 fixed. It could prevent RX checksum offloading from
685 <para revision="217794">A bug in the &man.nfe.4; driver which
686 could prevent reinitialization after changing the MTU has
689 <para revision="217511">A bug in the &man.ral.4; and &man.run.4;
690 drivers which could prevent <literal>hostap</literal> mode
691 from working has been fixed.</para>
693 <para revision="216828">A rdcphy(4) driver for RDC Semiconductor
694 R6040 10/100 PHY has been added.</para>
696 <para revision="217498,218760">The &man.re.4; driver now supports
697 RTL8168E/8111E-VL PCIe Gigabit Ethernet controllers and
698 RTL8401E PCIe Fast Ethernet controllers.</para>
700 <para revision="217766">The &man.re.4; driver now supports
701 TX interrupt moderation on RTL810xE PCIe Fast Ethernet
704 <para revision="217902">The &man.re.4; driver now supports
705 another mechanism for RX interrupt moderation because of
706 performance problems. A &man.sysctl.8; variable
707 <varname>dev.re.<replaceable>N</replaceable>.int_rx_mod</varname>
708 has been added to control amount of time to delay RX
709 interrupt processing, in units of microsecond. Setting it
710 to <literal>0</literal> completely disables RX interrupt
711 moderation. A &man.loader.8; tunable
712 <varname>hw.re.intr_filter</varname> controls whether the
713 old mechanism utilizing MSI/MSI-X capability on
714 supported controllers is used or not. When set to
715 a non-zero value, the &man.re.4; driver uses the old
716 mechanism. The default value is <literal>0</literal> and
717 this tunable has no effect on controllers without MSI/MSI-X
720 <para revision="217246,217832">The &man.re.4; driver now
721 supports TSO (TCP Segmentation Offload) on RealTek
722 RTL8168/8111 C or later controllers. Note that this is
723 disabled by default because broken frames can be sent
724 under certain conditions.</para>
726 <para revision="217381,218289">The &man.re.4; driver now
727 supports enabling TX and/or RX checksum offloading
728 independently from each other. Note that TX IP checksum
729 is disabled on some RTL8168C-based network interfaces
730 because it can generate an incorrect IP checksum when the
731 packet contains IP options.</para>
733 <para revision="217296">A bug in the &man.re.4; driver has
734 been fixed. It could cause a panic when receiving a jumbo
735 frame on an RTL8169C, 8169D, or 8169E controller-based
736 network interface.</para>
738 <para revision="217911">The &man.re.4; driver now supports
739 RTL8105E PCIe Fast Ethernet controllers.</para>
741 <para revision="217910">The rlphy(4) driver now supports the
742 Realtek RTL8201E 10/100 PHY found in RTL8105E
745 <para revision="217548">A bug in the &man.sis.4; driver has
746 been fixed. It could prevent a proper reinitialization
747 on DP83815, DP83816, and SiS 900/7016 controllers when the
748 configuration of multicast packet handling and/or
749 promiscuous mode is changed.</para>
751 <para revision="216650">A bug in the &man.vlan.4; pseudo interface
752 han been fixed. It could have a random interface
753 identifier in an automatically configured IPv6 link-local
754 address, instead of one generated with the parent
755 interface's IEEE 802 48-bit MAC address and an algorithm
756 described in RFC 4291.</para>
758 <para revision="216829">A &man.vte.4; driver for RDC R6040 Fast
759 Ethernet controllers, which are commonly found on the Vortex86
760 System On a Chip, has been added.</para>
762 <para revision="221167">A &man.vxge.4; driver for the Neterion
763 X3100 10GbE Server/Storage adapter has been added.</para>
765 <para revision="216824">A bug in the &man.wpi.4; driver has been
766 fixed. It could display the following error messages and
767 result in the device being unusable:</para>
769 <screen>wpi0: could not map mbuf (error 12)
770 wpi0: wpi_rx_intr: bus_dmamap_load failed, error 12</screen>
775 <sect3 id="net-proto">
776 <title>Network Protocols</title>
778 <para revision="225044">&man.ipfw.8; now supports IPv6 in
779 the <command>fwd</command> action.</para>
781 <para revision="223666">&man.ipfw.8; now supports the
782 <command>call</command> and <command>return</command>
783 actions. Upon the <command>call
784 <replaceable>number</replaceable></command> action, the
785 current rule number is saved in the internal stack and
786 ruleset processing continues with the first rule numbered
787 <replaceable>number</replaceable> or higher. The
788 <command>return</command> action takes the rule number saved
789 to internal stack by the latest <command>call</command>
790 action and returns ruleset processing to the first rule with
791 number greater than that saved number.</para>
793 <para revision="218794">&os;'s &man.ipsec.4; support now uses
794 half of the hash size as the authenticator hash size in
795 Hashed Message Authentication Mode (HMAC-SHA-256,
796 HMAC-SHA-384, and HMAC-SHA-512) as described in RFC 4868.
797 This was a fixed 96-bit length in prior releases because the
798 implementation was based on an old Internet draft
799 draft-ietf-ipsec-ciph-sha-256-00. Note that this means
800 &release.current; and later are no longer interoperable with
801 the older &os; releases.</para>
803 <para revision="219820">For Infiniband support, OFED
804 (OpenFabrics Enterprise Distribution) version 1.5.3 has been
805 imported into the base system. Note that this is not built
806 nor installed by default. To build and install them,
807 specify <literal>WITH_OFED=yes</literal> in
808 <filename>/etc/src.conf</filename> and rebuild the base
809 system as described in the <ulink
810 url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html">&os;
811 Handbook</ulink>.</para>
813 <para revision="226572">The &os; TCP/IP network stack now supports
814 IPv4 prefixes with /31 as described in RFC 3021,
815 <quote>Using 31-Bit Prefixes on IPv4 Point-to-Point
816 Links</quote>.</para>
818 <para revision="217169">A bug in the &os; TCP/IP network stack has
819 been fixed. Source address selection could not be
820 performed when multicast options were present but without an
821 interface being specified.</para>
823 <para revision="225682">A bug in the
824 <literal>IPV6_PKTINFO</literal> option used in
825 &man.sendmsg.2; has been fixed. The
826 <literal>IPV6_USE_MIN_MTU</literal> state set by
827 &man.setsockopt.2; was ignored.</para>
829 <para revision="216109,216114,216115,218152,218153,218155">
830 The &os; TCP/IP network stack now supports the &man.mod.cc.9; pluggable
831 congestion control framework. This allows TCP congestion
832 control algorithms to be implemented as dynamically loadable
833 kernel modules. The following kernel modules are available
834 as of &release.current;: &man.cc.chd.4; for the
835 CAIA-Hamilton-Delay algorithm, &man.cc.cubic.4; for the CUBIC
836 algorithm, &man.cc.hd.4; for the Hamilton-Delay algorithm,
837 &man.cc.htcp.4; for the H-TCP algorithm, &man.cc.newreno.4; for
838 the NewReno algorithm, and &man.cc.vegas.4; for the Vegas algorithm.
839 The default algorithm can be set by a new &man.sysctl.8;
840 variable <varname>net.inet.tcp.cc.algorithm</varname>. The
841 value must be set to one of the names listed by
842 <varname>net.inet.tcp.cc.available</varname>, and
843 <literal>newreno</literal> is the default set at boot time.
845 detail, see the &man.mod.cc.4; and &man.mod.cc.9; manual pages.</para>
847 <para revision="217806">An &man.h.ertt.4; (Enhanced Round Trip
848 Time) &man.khelp.9; module has been added. This module
849 allows per-connection, low noise estimates of the
850 instantaneous RTT in the TCP/IP network stack with a robust
851 implementation even in the face of delayed acknowledgments
852 and/or TSO (TCP Segmentation Offload) being in use for a
855 <para revision="218912">A new &man.tcp.4; socket option
856 <literal>TCP_CONGESTION</literal> has been added. This
857 allows to select or query the congestion control algorithm
858 that the TCP/IP network stack will use for connections on
861 <para revision="225586">The &man.ng.ipfw.4; &man.netgraph.4;
862 node now supports IPv6.</para>
864 <para revision="219127">The &man.ng.one2many.4;
865 &man.netgraph.4; node now supports the
866 <literal>XMIT_FAILOVER</literal> transmit algorithm. This
867 makes packets deliver out of the first active
868 <literal>many</literal> hook.</para>
870 <para revision="219183">The &man.ng.netflow.4;
871 &man.netgraph.4; node now supports NetFlow version 9. A new
872 <literal>export9</literal> hook has been added for NetFlow
873 v9 data. Note that data export can be done
874 simultaneously in both version 5 and version 9.</para>
876 <para revision="239615">The IEEE 802.11s element identifiers have
877 been updated to reflect the final version of the amendment. This
878 update breaks compatibility with older mesh setups but is necessary
879 as the previous IDs are used by another amendment leading to
880 unexpected results when trying to associate with an accesspoint
881 using the affected IDs.</para>
886 <title>Disks and Storage</title>
888 <para revision="220412">The &man.ada.4; driver now supports
889 write cache control. A new &man.sysctl.8 variable
890 <varname>kern.cam.ada.write_cache</varname> determines
891 whether the write cache of &man.ada.4; devices is enabled or
892 not. Setting to <literal>1</literal> enables and
893 <literal>0</literal> disables the write cache, and <literal>-1</literal>
894 leaves the device default behavior. &man.sysctl.8 variables
895 <varname>kern.cam.ada.<replaceable>N</replaceable>.write_cache</varname>
896 can override the configuration in a per-device basis (the
897 default value is <literal>-1</literal>, which means to use
898 the global setting). Note that the value can be changed at
899 runtime, but it takes effect only after a device
902 <para revision="224905">The &man.arcmsr.4; driver has been
903 updated to version 1.20.00.22.</para>
905 <para revision="226067">The &man.cam.4; subsystem now supports the
906 descriptor format sense data of the SPC-3 (SCSI Primary Commands
907 3) specification.</para>
909 <para revision="220559">The &man.geom.map.4; GEOM class has
910 been added. This allows to generate multiple geom providers
911 based on a hard-coded layout of a device with no explicit
912 partition table such as embedded flash storage. For more
913 information, see the &man.geom.map.4; manual page.</para>
915 <para revision="218014">The &man.gpart.8; GEOM class now
916 supports the following aliases for the MBR and EBR schemes:
917 <literal>fat32</literal>, <literal>ebr</literal>,
918 <literal>linux-data</literal>,
919 <literal>linux-raid</literal>, and
920 <literal>linux-swap</literal>.</para>
922 <para revision="218014">The &man.gpart.8; GEOM class now
923 supports <literal>bios-boot</literal> GUID for the GPT
924 scheme which is used in GRUB 2 loader.</para>
926 <para revision="219974">The &man.graid.8; GEOM class has been
927 added. This is a replacement of the &man.ataraid.4; driver
928 supporting various BIOS-based software RAID.</para>
930 <para revision="219056">The &man.sysctl.8; variable
931 <varname>kern.geom.confxml</varname> now contains
932 information about disk identification in an
933 <sgmltag>ident</sgmltag> tag and disk model strings in a
934 <sgmltag>descr</sgmltag> tag.</para>
936 <para revision="216793">The &man.md.4; memory-backed pseudo disk
937 device driver now supports a &man.sysctl.8; variable
938 <varname>vm.md_malloc_wait</varname> to specify whether a
939 malloc-backed disk will use <varname>M_WAITOK</varname> or
940 <varname>M_NOWAIT</varname> for &man.malloc.9; calls. The
941 <varname>M_WAITOK</varname> setting can prevent memory allocation
942 failure under high load. If it is set to
943 <literal>0</literal>, a malloc-backed disk uses
944 <varname>M_NOWAIT</varname> for memory allocation. The
945 default value is <literal>0</literal>.</para>
947 <para revision="216941,217509">A bug in the &man.mmc.4; driver
948 that could cause device detection to fail has been fixed.</para>
950 <para revision="223958">The &man.mxge.4; driver has been
953 <para revision="226115">A &man.tws.4; driver for 3ware 9750
954 SATA+SAS 6Gb/s RAID controllers has been added.</para>
958 <title>File Systems</title>
960 <para revision="207141,218726">The &os; Fast File System now supports
961 softupdates journaling. It introduces a intent log into a
962 softupdates-enabled file system which eliminates the need
963 for background &man.fsck.8; even on unclean shutdown. This
964 can be enabled in a per-filesystem basis by using the
965 <option>-j</option> flag of the &man.newfs.8; utility or the
966 <option>-j enable</option> option of the &man.tunefs.8;
967 utility. Note that the &release.current; installer
968 automatically enables softupdates journaling for
969 newly-created UFS file systems.</para>
971 <para revision="216796">The &os; Fast File System now
972 supports the <literal>TRIM</literal> command when freeing data
973 blocks. A new flag <option>-t</option> in the &man.newfs.8;
974 and &man.tunefs.8; utilities sets the TRIM-enable flag for a
975 file system. The TRIM-enable flag makes the file system
976 send a delete request to the underlying device for each
977 freed block. The <literal>TRIM</literal> command is
978 specified as a Data Set Management Command in the ATA8-ACS2
979 standard to carry the information related to deleted data
980 blocks to a device, especially for a SSD (Solid-State Drive) for
983 <para revision="221233">A new flag <option>-E</option> has
984 been added to the &man.newfs.8; and &man.fsck.ffs.8; utilities.
985 This clears unallocated blocks, notifying the underlying
986 device that they are not used and that their contents may be
987 discarded. This is useful in &man.fsck.ffs.8; for file
988 systems which have been mounted on systems without
989 <literal>TRIM</literal> support, or with
990 <literal>TRIM</literal> support disabled, as well as
991 filesystems which have been copied from one device to
994 <para revision="221124">The &os; NFS subsystem has been
995 updated. The new implementation supports NFS version 4 in
996 addition to 2 and 3. The kernel options for the NFS server
997 and client are changed from <literal>NFSSERVER</literal> and
998 <literal>NFSCLIENT</literal> to <literal>NFSD</literal> and
999 <literal>NFSCL</literal>. &man.sysctl.8; variables which
1000 start with <varname>vfs.nfssrv.</varname> have been renamed
1001 to <varname>vfs.nfsd.</varname>. The NFS server now
1002 supports <varname>vfs.nfsd.server_max_nfsvers</varname> and
1003 <varname>vfs.nfsd.server_min_nfsvers</varname>
1004 &man.sysctl.8; variables to specify the maximum and the
1005 minimum NFS version number which the server accepts. The
1006 default value is set to <literal>3</literal> and
1007 <literal>2</literal>, respectively.</para>
1009 <para>To enable NFSv4, the following variables are needed on
1010 the server side in &man.rc.conf.5;:</para>
1012 <programlisting>nfsv_server_enable="YES"
1013 nfsv4_server_enable="YES"
1014 nfsuserd_enable="YES"</programlisting>
1016 <para>and the following line is needed in
1017 <filename>/etc/exports</filename>:</para>
1019 <programlisting>V4: /</programlisting>
1021 <para>For more information about NFSv4 and its configuration,
1022 see the &man.nfsv4.4; and &man.exports.5; manual pages.</para>
1024 <para revision="221436">The &os; NFS subsystem now supports a
1025 <option>nocto</option> mount option. This disables the
1026 close-to-open cache coherency check at open time. This
1027 option may improve performance for read-only mounts, but
1028 should only be used only if the data on the server changes
1029 rarely. The &man.mount.nfs.8; utility now also supports
1030 this flag keyword.</para>
1032 <para revision="225537">A &man.loader.8; tunable
1033 <varname>vfs.typenumhash</varname> has been added and set to
1034 <literal>1</literal> by default. This enables to use a hash
1035 calculation on the file system identification number internally
1036 used in the kernel. This fixes the <quote>Stale NFS file
1037 handle</quote> error on NFS clients when upgrading or
1038 rebuilding the kernel on the NFS server due to unexpected
1039 change of these identification number values.</para>
1041 <para revision="219089">The &os; ZFS subsystem has been
1042 updated to the SPA (Storage Pool Allocator, also known as
1043 zpool) version 28. It now supports data deduplication,
1044 triple parity RAIDZ (raidz3), snapshot holds, log device
1045 removal, zfs diff, zpool split, zpool import
1046 <option>-F</option>, and read-only zpool import.</para>
1050 <sect2 id="userland">
1051 <title>Userland Changes</title>
1053 <para revision="219359,219571">Complex exponential functions
1054 &man.cexp.3; and &man.cexpf.3;, and cube root function
1055 &man.cbrtl.3; have been added to
1056 <application>libm</application>.</para>
1058 <para revision="224152,224153,224154">The &man.bsdtar.1; and
1059 &man.cpio.1; utilities are now based on
1060 <application>libarchive</application> version 2.8.4.</para>
1062 <para revision="217416">The &man.cpuset.1; utility now supports
1063 a <option>-C</option> flag to create a new cpuset and assign
1064 an existing process into that set, and an
1065 <literal>all</literal> keyword in the <option>-l
1066 <replaceable>cpu-list</replaceable></option> option to specify
1067 all CPUs in the system.</para>
1069 <para revision="219739">The &man.dhclient.8; utility now uses
1070 &man.resolvconf.8; to manage the &man.resolv.conf.5; file by
1071 default. A <varname>resolvconf_enable</varname> variable in
1072 <filename>/etc/dhclient-enter-hooks</filename> controls the
1075 <para revision="217505">A bug in the &man.fetch.1; utility which
1076 could prevent the <command>STAT</command> FTP command from working
1077 properly has been fixed.</para>
1079 <para revision="219415">The &man.gpart.8; utility now supports a
1080 <option>-p</option> flag to the <command>show</command>
1081 subcommand. This allows showing providers' names of
1082 partitions instead of the partitions' indexes.</para>
1084 <para revision="218049">The &man.hastd.8; utility now drops
1085 <literal>root</literal> privileges of the worker processes to the
1086 <literal>hast</literal> user.</para>
1088 <para revision="219351">The &man.hastd.8; utility now supports a
1089 <literal>checksum</literal> keyword to specify the checksum
1090 algorithm in a <literal>resource</literal> section. As of
1091 &release.current;, <literal>none</literal>,
1092 <literal>sha256</literal>, and <literal>crc32</literal> are
1095 <para revision="219354">The &man.hastd.8; utility now supports a
1096 <literal>compression</literal> keyword to specify the compression
1097 algorithm in a <literal>resource</literal> section. As of
1098 &release.current;, <literal>none</literal>,
1099 <literal>hole</literal> and <literal>lzf</literal> are
1102 <para revision="219818">The &man.hastd.8; utility now supports a
1103 <literal>source</literal> keyword to specify the local address
1104 to bind to before connecting the remote &man.hastd.8
1107 <para revision="219019">An implementation of
1108 <function>iconv()</function> API libraries and utilities which
1109 are standardized in Single UNIX Specification has been
1110 imported. These are based on NetBSD's Citrus implementation.
1111 Note that these are not built nor installed by default. To
1112 build and install them, specify
1113 <literal>WITH_ICONV=yes</literal> in
1114 <filename>/etc/src.conf</filename> and rebuild the base system
1115 as described in the <ulink
1116 url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html">&os;
1117 Handbook</ulink>.</para>
1119 <para revision="217013">The &man.ifconfig.8; utility now
1120 supports <literal>fdx</literal>, <literal>flow</literal>,
1121 <literal>hdx</literal>, and <literal>loop</literal> keywords
1122 as aliases of <literal>full-duplex</literal>,
1123 <literal>flowcontrol</literal>,
1124 <literal>half-duplex</literal>,
1125 and <literal>loopback</literal>, respectively.</para>
1127 <para revision="220370">A &man.readline.3; API set has been
1128 imported into <application>libedit</application>. This is
1129 based on NetBSD's implementation and BSD licensed utilities
1130 now use it instead of GNU
1131 <application>libreadline</application>.</para>
1133 <para revision="224762">The &man.makefs.8; utility now supports the
1134 ISO 9660 format.</para>
1136 <para revision="220496,220497"><application>libmd</application>
1137 and <application>libcrypt</application> now support the SHA-256
1138 and SHA-512 algorithms.</para>
1140 <para revision="217642">The &man.netstat.1; utility now does not
1141 expose the internal scope address representation used in the &os;
1142 kernel, which is derived from KAME IPv6 stack, in the results
1143 of <command>netstat -ani</command> and <command>netstat
1144 -nr</command>.</para>
1146 <para revision="218127">The &man.newsyslog.8; utility now
1147 supports &man.xz.1; compression. An <literal>X</literal> flag
1148 in the optional field has been added to specify the
1151 <para revision="219563">The &man.pam.group.8; module now
1152 supports <option>ruser</option> and <option>luser</option>
1153 options. The <option>ruser</option> make it accept or reject
1154 based on the supplicant's group membership and this is the
1155 default behavior. The <option>luser</option> checks the
1156 target user's group membership instead of the supplicant's
1157 one. If neither option was specified, &man.pam.group.8;
1158 assumes <option>ruser</option> and issues a warning.</para>
1160 <para revision="216823">A &man.poweroff.8; utility has been added.
1161 This is equivalent to:</para>
1163 <screen>&prompt.root; shutdown -p now</screen>
1165 <para revision="218397">The &man.ppp.8; utility now supports
1166 <command>iface name <replaceable>name</replaceable></command>
1167 and <command>iface description
1168 <replaceable>description</replaceable></command> commands.
1169 These have the same functionalities as the <literal>name</literal>
1170 and <literal>description</literal> subcommands of the
1171 &man.ifconfig.8; utility.</para>
1173 <para revision="219307,219713">The &man.ps.1; utility now
1174 supports an <option>-o class</option> option to display the login
1175 class information of each process, and <option>-o
1176 usertime</option> and <option>-o systime</option> options for
1177 accumulated system and user CPU time, respectively.</para>
1179 <para revision="222732">The &man.rtadvd.8; daemon now supports a
1180 <literal>noifprefix</literal> keyword to disable gathering
1181 on-link prefixes from interfaces when no
1182 <literal>addr</literal> keyword is specified. An entry in
1183 <filename>/etc/rtadvd.conf</filename> with
1184 <literal>noifprefix</literal> and no <literal>addr</literal>
1185 generates an RA message with no prefix information
1188 <para revision="222732,224006">The &man.rtsold.8; and
1189 &man.rtadvd.8; daemons now support the RDNSS and DNSSL options
1190 described in RFC 6106, <quote>IPv6 Router Advertisement
1191 Options for DNS Configuration</quote>. A &man.rtadvctl.8;
1192 utility to control the &man.rtadvd.8; daemon has been
1195 <para revision="216695">The &man.rtld.1; runtime linker now supports
1196 shared objects as filters in ELF shared libraries. Both
1197 standard and auxiliary filtering have been supported. The
1198 &man.rtld.1; linker's processing of a filter defers loading a
1199 filtee until a filter symbol is referenced unless the
1200 <varname>LD_LOADFLTR</varname> environment variable is defined
1201 or a <literal>-z loadfltr</literal> option was specified when
1202 the filter was created.</para>
1204 <para revision="217133">A race condition in the &man.sed.1;
1205 utility has been fixed. When an <option>-i</option> option is
1206 specified, there could be a short time window with no file
1207 with the original file name.</para>
1209 <para revision="216629">The &man.sh.1; program now supports
1210 <command>kill</command> as a built-in command. This allows
1211 specifying <literal>%<replaceable>job</replaceable></literal>
1212 which is equivalent to the corresponding process group. Note
1213 that this built-in command returns the exit status
1214 <literal>2</literal> instead of <literal>1</literal> if a
1215 fatal error occurs as other built-in commands do.</para>
1217 <para revision="217176,217472">A bug in the &man.sh.1; program has been
1218 fixed for POSIX conformance. It could return an incorrect exit
1219 status when an <command>exit</command> command with no
1220 parameter is specified in the <literal>EXIT trap</literal>
1221 handler, which is triggered when the shell terminates.
1222 In trap actions for other signals, an <command>exit</command>
1223 command with no parameter returns an exit status corresponding
1224 to the received signal.</para>
1226 <para revision="217557">A bug in the &man.sh.1; program has been
1227 fixed. When a foreground job exits on a signal, a message is
1228 printed to <filename>stdout</filename> about this. The buffer
1229 was not flushed after printing which could result in the message
1230 being written to the wrong file if the next command was a
1231 built-in and had <filename>stdout</filename> redirected.</para>
1233 <para revision="217461">The &man.sh.1; program now supports a
1234 <option>--</option> flag in <command>trap</command> command to
1235 stop the option processing.</para>
1237 <para revision="217206">The <literal>%builtin</literal> keyword
1238 support in the <varname>$PATH</varname> variable has been removed
1239 from the &man.sh.1; program. All built-in commands are always
1240 found before looking up directories in
1241 <varname>$PATH</varname>.</para>
1243 <para revision="218466">Arithmetic expression handling code in
1244 the &man.sh.1; program has been updated by importing code from
1245 <application>dash</application>. It now supports the conditional
1246 operator (<literal>?:</literal>) and a bug in evaluation of
1247 && and || around an arithmetic expression has been
1250 <para revision="224536">A bug in the &man.tftpd.8; daemon has
1251 been fixed. It had an interoperability issue when
1252 transferring a large file.</para>
1254 <para revision="202188">The &man.utmp.5; user accounting
1255 database has been replaced by &man.utmpx.3;. User accounting
1256 utilities will now use <filename>utmpx</filename> database
1257 files exclusively. The &man.wtmpcvt.1; utility can be used to
1258 convert <filename>wtmp</filename> files to the new format,
1259 making it possible to read them using the updated
1262 <para revision="218847">A &man.utxrm.8; utility has been added.
1263 This allows one to remove an entry from the
1264 <filename>utmpx</filename> database by hand. This is useful
1265 when a login daemon crashes or fails to remove the entry
1266 during shutdown.</para>
1268 <para revision="224171">The &man.zpool.8; utility now supports a
1269 <command>zpool labelclear</command> command. This allows to
1270 wipe the label data from a drive that is not active in a
1274 <sect2 id="contrib">
1275 <title>Contributed Software</title>
1277 <para revision="222544"><literal>ACPI CA</literal> has been
1278 updated to version 20110527.</para>
1280 <para revision="224731">The <application>awk</application> has
1281 been updated to the 7 August 2011 release.</para>
1283 <para revision="228189"><application>ISC BIND</application> has
1284 been updated to version 9.8.1-P1.</para>
1286 <para revision="218822"><application>GNU binutils</application>
1287 has been updated to 2.17.50 (as of 3 July 2007), which is the
1288 last available version under GPLv2.</para>
1290 <para revision="222656">The
1291 <application>compiler-rt</application> library, which provides
1292 low-level target-specific interfaces such as functions in
1293 <application>libgcc</application>, has been imported.</para>
1295 <para revision="224014"><literal>dialog</literal> has been
1296 updated to version 1.1-20110707.</para>
1298 <para revision="221793">The <literal>netcat</literal> utility
1299 has been updated to version 4.9.</para>
1301 <para revision="223328">The <application>tnftp</application> (formerly
1302 known as <application>lukemftp</application>) has been updated
1303 to tnftp-20100108.</para>
1305 <para revision="220150"><application>GNU GCC</application> and
1306 <application>libstdc++</application> have been updated to rev
1307 127959 of <literal>gcc-4_2-branch</literal> (the last
1308 GPLv2-licensed version).</para>
1310 <para revision="219557"><application>gdtoa</application>, a set
1311 of binary from/to decimal number conversion routines used in
1312 &os;'s <application>libc</application> library has been updated
1313 to a snapshot as of 4 March, 2011.</para>
1315 <para revision="222906">The <application>LESS</application>
1316 program has been updated to version v444.</para>
1318 <para revision="208954">The <application>LLVM</application>
1319 compiler infrastructure and
1320 <application>clang</application>, a C language family
1321 front-end, version 3.0 have been imported. Note that it is not
1322 used for building the &os; base system by default. In the &os; build
1323 infrastructure, the &man.clang.1;, &man.clang...1;, and
1324 &man.clang-cpp.1; utilities can be used in
1325 <varname>CC</varname>, <varname>CXX</varname>, and
1326 <varname>CPP</varname> &man.make.1; variables,
1327 respectively.</para>
1329 <para revision="219734"><application>Openresolv</application>
1330 version 3.4.4 has been imported. The &man.resolvconf.8;
1331 utility now manages the &man.resolv.conf.5; file.</para>
1333 <para revision="221484,224638">The
1334 <application>OpenSSH</application> utility has been updated to
1335 5.8p2, and optimization for large bandwidth-delay product
1336 connection and <literal>none</literal> cipher support have
1339 <para revision="223637">The <application>pf</application> packet
1340 filter has been updated to version 4.5.</para>
1342 <para revision="223067"><application>sendmail</application>
1343 has been updated to version 8.14.5.</para>
1345 <para revision="226750">The <application>timezone</application>
1346 database has been updated to the
1347 <application>tzdata2011m</application> release.</para>
1349 <para revision="217698">The &man.unifdef.1; utility has been updated
1350 to version 2.5.6.</para>
1352 <para revision="223935">The <application>xz</application>
1353 program has been updated from 5.0.0 to a snapshot as of 11
1358 <title>Release Engineering and Integration</title>
1360 <para revision="218799">A new installer &man.bsdinstall.8; has
1361 been added and integrated into installation ISO images. The
1362 &man.sysinstall.8; utility is also available for configuration
1363 after the installation.</para>
1365 <para>The supported version of
1366 the <application>KDE</application> desktop environment
1367 (<filename role="package">x11/kde4</filename>) has been
1368 updated from 4.5.5 to 4.7.3.</para>
1372 <sect1 id="upgrade">
1373 <title>Upgrading from previous releases of &os;</title>
1376 <title>Upgrading using freebsd-update(8) or a source-based
1379 <para arch="amd64,i386">Beginning with &os; 6.2-RELEASE,
1380 binary upgrades between RELEASE versions (and snapshots of the
1381 various security branches) are supported using the
1382 &man.freebsd-update.8; utility. The binary upgrade procedure will
1383 update unmodified userland utilities, as well as a unmodified GENERIC kernel
1384 distributed as a part of an official &os; release.
1385 The &man.freebsd-update.8; utility requires that the host being
1386 upgraded have Internet connectivity.</para>
1388 <para>Source-based upgrades (those based on recompiling the &os;
1389 base system from source code) from previous versions are
1390 supported, according to the instructions in
1391 <filename>/usr/src/UPDATING</filename>.</para>
1393 <para>For more specific information about upgrading
1394 instructions, see <ulink
1395 url="http://www.FreeBSD.org/releases/9.0R/installation.html"></ulink>.</para>
1398 <para>Upgrading &os; should, of course, only be attempted after
1399 backing up <emphasis>all</emphasis> data and configuration
1405 <title id="upgrade-pitfalls">User-visible incompatibilities</title>
1407 <para>This section describes notable incompatibilities which you
1408 might want to know before upgrading your system.
1409 <emphasis>Please read this section and the <ulink
1410 url="http://www.FreeBSD.org/releases/9.0R/errata.html">Errata
1411 document</ulink> carefully before submitting a problem report
1412 and/or posting a question to the FreeBSD mailing
1413 lists.</emphasis></para>
1416 <title>Update of <literal>dialog</literal></title>
1418 <para>The <literal>dialog</literal> library is used in &os;'s
1419 new installer and the &os; Ports Collection to display a dialog
1420 window and allow users to select various options. Note that
1421 it is updated in &release.current; and there are several
1422 differences in key operations which might confuse users
1423 who are familiar with releases prior to &release.current;.
1424 For example, pushing the enter key in a checklist window will
1425 no longer check an item. The new version
1426 consistently uses space bar for selecting an item and the
1427 enter key for OK/Cancel selection.</para>
1431 <title>Partition Metadata Integrity Check</title>
1433 <para>&os; now checks the integrity of partition metadata when
1434 a partition table is found on a disk though the GEOM
1435 <application>PART</application> subsystem. This detection
1436 is automatically performed when a disk device is ready.
1437 The GEOM <application>PART</application> class in the kernel
1438 verifies all generic partition parameters obtained from the
1439 disk metadata, and if some inconsistency is detected, the
1440 partition table will be rejected with the following
1441 diagnostic message:</para>
1443 <screen>GEOM_PART: Integrity check failed</screen>
1445 <para>This integrity check is enabled by default. On a system
1446 prior to &release.current;, the inconsistencies were
1447 silently ignored. Therefore, there is a possibility that this
1448 prevents a system from booting after upgrading it to
1449 &release.current;. More specifically, the kernel cannot
1450 mount the system partition at boot time in some
1453 <para>If this happens, a &man.loader.8; tunable
1454 <varname>kern.geom.part.check_integrity</varname> can be
1455 used as a workaround. Enter the following lines in the
1456 &man.loader.8; prompt at boot time:</para>
1458 <screen><userinput>set kern.geom.part.check_integrity="0"</userinput>
1459 <userinput>boot</userinput></screen>
1461 <para>These commands temporarily disable the integrity check.
1462 If it was the cause of the boot failure, the &os; kernel should detect the
1463 partitions as the prior release
1464 did, after entering the commands. This configuration can be added into
1465 <filename>/boot/loader.conf</filename> as follows:</para>
1467 <programlisting>kern.geom.part.check_integrity="0"</programlisting>
1469 <para>To check inconsistent metadata after booting on the
1470 system, use the &man.gpart.8; utility on the system. A
1471 corrupted entry will be displayed like the following:</para>
1473 <screen>&prompt.user; gpart show
1474 => 63 1953525104 mirror/gm0 MBR (931G) [CORRUPT]
1475 63 1953525105 1 freebsd [active] (931G)</screen>
1477 <para>For more information, see the &man.gpart.8; manual page.</para>
1481 <title>ATA/SATA subsystem now &man.cam.4;-based</title>
1483 <para>In &release.current;, the &os; ATA/SATA disk subsystem has
1484 been replaced with a new &man.cam.4;-based implementation.
1485 &man.cam.4; stands for Common Access Method, which is an
1486 implementation of an API set originally for SCSI-2 and
1487 standardized as "SCSI-2 Common Access Method Transport and
1488 SCSI Interface Module". &os; has used the &man.cam.4; subsystem
1489 to handle SCSI devices since 3.X.</para>
1491 <para>Although the new &man.cam.4;-based ATA/SATA subsystem
1492 provides various functionality which the old &man.ata.4; did
1493 not have, it also has some incompatibilities:</para>
1497 <para>An ATA/SATA disk is now recognized as a device node
1499 <devicename>ada<replaceable>0</replaceable></devicename>
1501 <devicename>ad<replaceable>0</replaceable></devicename>.
1502 Currently, a symbolic link
1503 <filename>/dev/ad<replaceable>0</replaceable></filename>
1504 is automatically generated for
1505 <filename>/dev/ada<replaceable>0</replaceable></filename>
1506 to keep backward compatibility. This symbolic link
1507 generation can be controlled by a
1508 <varname>kern.cam.ada.legacy_aliases</varname> (enabled
1509 by default). You might want to update
1510 <filename>/etc/fstab</filename> and/or consider using
1511 volume labels (see &man.glabel.8; for more details) for
1512 specifying each file system to be mounted.</para>
1516 <para>The &man.atacontrol.8; utility cannot be used for
1517 &man.cam.4;-based devices. The &man.camcontrol.8
1518 utility is a replacement.</para>
1522 <para>&man.ataraid.4; software RAID is now supported by the
1523 &man.graid.8; GEOM class. It generates a device node
1525 <filename>/dev/raid/r<replaceable>0</replaceable></filename>
1526 if you previously had
1527 <filename>/dev/ar<replaceable>0</replaceable></filename>.
1528 Note that this is not enabled by default. To enable it,
1529 enter the following line in the &man.loader.8; prompt:</para>
1531 <screen>set geom_raid_load="YES"
1534 <para>or add the following line to
1535 <filename>/boot/loader.conf</filename>:</para>
1537 <programlisting>geom_raid_load="YES"</programlisting>
1539 <para>and reboot the system. A symbolic link like
1540 <filename>/dev/ar<replaceable>0</replaceable></filename>
1541 will NOT be generated for
1542 <filename>/dev/raid/r<replaceable>0</replaceable></filename>.
1543 Therefore, if your system used
1544 <filename>/dev/ar<replaceable>0</replaceable></filename>
1545 as the root partition, mounting local file systems will
1546 fail because it is renamed to
1547 <filename>/dev/raid/r<replaceable>0</replaceable></filename>.
1548 You need to update <filename>/etc/fstab</filename>
1549 manually in that case.</para>
1553 <para>The &man.burncd.8; utility does not work with
1554 &man.cam.4;-based devices. Use the cdrecord(1) utility
1555 in <filename role="package">sysutils/cdrtools</filename>
1562 <title>Network Configuration Changes in
1563 <filename>/etc/rc.conf</filename></title>
1565 <para>Although variables in &man.rc.conf.5; are basically
1566 compatible with earlier releases, ones related to network
1567 configuration are changed because of reorganization of the
1568 &man.rc.8; scripts.</para>
1572 <para>An address configuration now always needs an address
1573 family keyword. For example, the following line</para>
1575 <programlisting>ifconfig_em0="192.168.2.1 netmask 255.255.255.0"</programlisting>
1577 <para>should be</para>
1579 <programlisting>ifconfig_em0="inet 192.168.2.1 netmask 255.255.255.0"</programlisting>
1581 <para>Although the old convention is still supported in
1582 the existing variables for backward compatibility, some
1583 new variables do not support it.</para>
1588 <varname>ifconfig_<replaceable>IF</replaceable>_alias<replaceable>0</replaceable></varname>
1589 variable now requires an address family keyword to
1590 support non-IPv4 address families. For instance,</para>
1592 <programlisting>ifconfig_em0_alias0="192.168.2.10 netmask 255.255.255.255"</programlisting>
1594 <para>should be</para>
1596 <programlisting>ifconfig_em0_alias0="inet 192.168.2.10 netmask 255.255.255.255"</programlisting>
1598 <para>Different address families can coexist like the
1601 <programlisting>ifconfig_em0_alias0="inet 192.168.2.10 netmask 255.255.255.255"
1602 ifconfig_em0_alias1="inet6 2001:db8:1::1 prefixlen 64"</programlisting>
1604 <para>Note that IPv6 alias configurations in
1605 <varname>ifconfig_<replaceable>IF</replaceable>_alias<replaceable>N</replaceable></varname>
1606 will be ignored when no
1607 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname>
1608 variable is defined because it determines whether IPv6
1609 functionality is enabled on that interface or not (this
1610 variable will be explained later).</para>
1614 <para>All alias and static routing configurations
1615 through &man.rc.conf.5; variables will be deactivated when
1616 invoking &man.rc.8; scripts or the &man.service.8; command
1617 with the <literal>stop</literal> keyword.</para>
1619 <screen>&prompt.root; service netif stop em0</screen>
1621 <para>stops the interface <literal>em0</literal>.</para>
1623 <screen>&prompt.root; service routing stop</screen>
1625 <para>deactivates all static route configurations.</para>
1627 <para>Releases prior to &os; &release.current; did not
1628 support this functionality properly for non-IPv4
1633 <para>IPv6 configuration handling has been changed in the
1634 following way. Before in-depth explanations, here is a
1635 before-and-after example. What was previously:</para>
1637 <programlisting>ifconfig_em0="192.168.2.1 netmask 255.255.255.0"
1638 ifconfig_em0_alias0="192.168.2.2 netmask 255.255.255.255"
1641 ipv6_ifconfig_em0="2001:db8:1::1 prefixlen 64"
1642 ipv6_ifconfig_em0_alias0="2001:db8:2::1 prefixlen 64"
1643 # em1 uses SLAAC for IPv6 address configuration</programlisting>
1645 <para>should be in &release.current;:</para>
1647 <programlisting>ifconfig_em0="inet 192.168.2.1 netmask 255.255.255.0"
1648 ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64 accept_rtadv"
1649 ifconfig_em0_alias0="inet 192.168.2.2 netmask 255.255.255.255"
1650 ifconfig_em0_alias1="inet6 2001:db8:2::1 prefixlen 64"
1652 ifconfig_em1_ipv6="inet6 accept_rtadv"</programlisting>
1654 <para>More specific explanations of the changes are as
1659 <para>The <varname>ipv6_enable</varname> variable is
1660 deprecated. IPv6 functionality on the system is
1661 enabled by default. No IPv6 communication will
1662 happen if you configure no IPv6 address.</para>
1664 <para>&release.current; now supports intermediate
1665 configurations between a host and a router IPv6
1666 node. The <varname>ipv6_enable</varname> variable
1667 assumed that the system was a host node when
1668 <varname>ipv6_gateway_enable</varname> was set to
1669 <literal>NO</literal> (default), and a router node
1670 if not. A host node always accepted ICMPv6 Router
1671 Advertise messages, and a router did not.</para>
1673 <para>In &release.current;, this model is still
1674 applied but on a per-interface basis, not a
1675 system-wide basis. Specifically, if an interface has
1676 an <literal>ACCEPT_RTADV</literal> flag, RA messages
1677 will be accepted on that interface for SLAAC
1678 (StateLess Address AutoConfiguration) regardless of
1679 whether the packet forwarding is enabled or
1682 <para>In addition to them, a per-interface flag
1683 <literal>NO_RADR</literal> and a &man.sysctl.8;
1684 variable <varname>net.inet6.ip6.rfc6204w3</varname>
1685 have been added. This controls whether default
1686 router list information via RA messages on an
1687 RA-accepting interface should be ignored or not. In
1688 an IPv6 router model, it is not supposed to accept
1689 RA messages as an information source for the default
1690 router list. Because of that, &os; &release.current;
1691 ignores the default router list part when IPv6
1692 packet forwarding is enabled, even if the interface
1693 has an <literal>ACCEPT_RTADV</literal> flag. However,
1694 this can make for a difficult situation when the system
1695 has to work as a CPE (Customer Premises Equipment)
1696 which needs RA messages from the upstream network
1697 for network configuration and acts as a router for
1698 the LAN simultaneously. For more information about
1699 this kind of configuration, see RFC 6204.</para>
1701 <para>To support this kind of configuration, the
1702 <varname>ipv6_cpe_wanif</varname> variable in
1703 &man.rc.conf.5; can be used.</para>
1705 <programlisting>ipv6_gateway_enable="YES"
1706 ipv6_cpe_wanif="em0"</programlisting>
1708 <para>means the <literal>em0</literal> interface
1709 accepts RA messages and the default router
1710 information in them, and the other interfaces ignore
1711 the default router information part even when
1712 the <literal>ACCEPT_RTADV</literal> flag is set on
1715 <para><varname>ipv6_cpe_wanif</varname> handling internally
1716 sets the <varname>net.inet6.ip6.rfc6204w3</varname>
1717 and the <varname>net.inet6.ip6.no_radr</varname>
1718 &man.sysctl.8; variables to <literal>1</literal>.
1719 Note that both are set to <literal>0</literal> by
1720 default. When the former is set to
1721 <literal>1</literal>, &os; accepts the default
1722 router list even when IPv6 packet forwarding is
1723 enabled. Note that a system administrator needs to
1724 set a <literal>NO_RADR</literal> flag on the other
1725 RA-accepting interfaces, if any, to prevent it from
1726 accepting unexpected default router information.
1727 The latter variable means the <literal>NO_RADR</literal> flag is automatically
1730 <para>If <literal>ipv6_enable="YES"</literal> is
1731 defined in &os; &release.current;, it sets
1732 <literal>ipv6_activate_all_interfaces="YES"</literal>
1733 in <filename>/etc/rc.conf</filename> and the
1734 <literal>inet6 accept_rtadv</literal>
1735 &man.ifconfig.8; option on all network interfaces.
1736 Note that this is only for backward compatibility.
1737 The <varname>ipv6_enable</varname> should not be
1738 used in &os; &release.current;.</para>
1743 <varname>ipv6_ifconfig_<replaceable>IF</replaceable></varname>
1744 variable is renamed to
1745 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname>.
1746 This variable controls whether IPv6 functionality
1747 should be enabled on that interface or not. If
1748 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname>,
1749 is not set, there is no IPv6 functionality on the interface
1750 <replaceable>IF</replaceable>.</para>
1753 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname> variable
1754 always needs the address family keyword
1755 <literal>inet6</literal>. If you need an automatic
1756 link-local address only, the following line is enough:</para>
1758 <programlisting>ifconfig_em0_ipv6="inet6 auto_linklocal"</programlisting>
1760 <para>If you need full-blown IPv6 functionality on all
1761 interfaces like prior releases with
1762 <literal>ipv6_enable="YES"</literal>, including ones
1764 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6
1765 line</varname>, you might want to use the
1766 <varname>ipv6_activate_all_interfaces</varname>
1767 variable as explained later.</para>
1769 <para>If <literal>ipv6_ifconfig_<replaceable>IF</replaceable>="..."</literal> is
1770 defined in &os; &release.current;, it means
1771 <literal>ifconfig_<replaceable>IF</replaceable>_ipv6="inet6 ..."</literal>.
1772 Note that this is only for backward compatibility.
1773 The <literal>inet6</literal> address family keyword
1774 is required for <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname>,
1775 but was NOT required for
1776 <varname>ipv6_ifconfig_<replaceable>IF</replaceable></varname>. The
1777 <varname>ipv6_ifconfig_<replaceable>IF</replaceable></varname> variables should not be
1778 used in &release.current;.</para>
1782 <para>An interface with no corresponding
1783 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname> variable is
1784 marked with an <literal>IFDISABLED</literal> flag by
1785 &man.devd.8; daemon. This flag means IPv6
1786 communication is disabled on that interface. This
1787 can also be found in output of
1788 &man.ifconfig.8;:</para>
1790 <screen>&prompt.user; ifconfig em0
1791 em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
1792 options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
1793 ether xx:xx:xx:xx:xx:xx
1794 inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
1795 nd6 options=3<PERFORMNUD,IFDISABLED,ACCEPT_RTADV>
1796 media: Ethernet autoselect (1000baseT <full-duplex>)
1800 <para>To enable IPv6 functionality, this flag should
1801 be removed first. There are several ways to do so.
1802 Adding an IPv6 address automatically removes this
1803 flag. It is possible to remove this flag explicitly
1804 by using the following command:</para>
1806 <screen>&prompt.root; ifconfig em0 inet6 -ifdisabled</screen>
1808 <para>Note that defining an
1809 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname> is the most
1810 reasonable way to activate IPv6 functionality on
1811 that interface. This <literal>IFDISABLED</literal>
1812 flag is to prevent unintended IPv6 communications
1813 in an IPv4-only environment even when the interface
1814 has an IPv6 link-local address. If you need
1815 full-blown IPv6 functionality on all interfaces, you
1816 might want to use the
1817 <varname>ipv6_activate_all_interfaces</varname>
1818 variable as explained later.</para>
1822 <para>The &man.sysctl.8; variable
1823 <varname>net.inet6.ip6.accept_rtadv</varname> has
1824 been changed. It was a system-wide configuration
1825 knob which controlled whether the system accepts ICMPv6
1826 Router Advertisement messages or not. In
1827 &os; &release.current;, this knob is converted into a
1828 per-interface <literal>inet6 accept_rtadv</literal>
1829 &man.ifconfig.8; option. Although the
1830 &man.sysctl.8; variable is available still in
1831 &os; &release.current;, it now controls whether the
1832 per-interface option is set by default or not. The
1833 default value is <literal>0</literal> (not accept
1834 the RA messages).</para>
1838 <para>The &man.sysctl.8; variable
1839 <varname>net.inet6.ip6.auto_linklocal</varname> has
1840 been changed. It was a system-wide configuration
1841 knob which controlled whether an IPv6 link-local address
1842 was generated on a network interface when it became
1843 up. In &os; &release.current;, this knob is converted
1844 into a per-interface <literal>inet6
1845 auto_linklocal</literal> &man.ifconfig.8; option.
1846 Although the &man.sysctl.8; variable is still available
1847 in &os; &release.current;, it now controls whether the
1848 per-interface option is set by default or not. The
1849 default value is <literal>1</literal> (generate a
1850 link-local automatically).</para>
1854 <para>The functionality of
1855 <varname>ipv6_ifconfig_<replaceable>IF</replaceable>_alias<replaceable>0</replaceable></varname>
1857 <varname>ifconfig_<replaceable>IF</replaceable>_alias<replaceable>0</replaceable></varname>.
1858 Note that address family keywords are always required:</para>
1860 <programlisting>ifconfig_em0_alias0="inet 192.168.2.10 netmask 255.255.255.255"
1861 ifconfig_em0_alias1="inet6 2001:db8:1::1 prefixlen 64</programlisting>
1864 <varname>ipv6_ifconfig_<replaceable>IF</replaceable>_alias<replaceable>N</replaceable></varname>
1865 is still usable in &os; &release.current;, it is only for
1866 backward compatibility.</para>
1871 <varname>ipv6_activate_all_interfaces</varname> variable
1872 has been added. If this variable is set to
1873 <literal>YES</literal>, the <literal>IFDISABLED</literal>
1874 option will not be added even if
1875 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname> variables are not
1876 defined. This can prevent <literal>IFDISABLED</literal>
1877 on dynamically-added interfaces such as &man.ppp.4;,
1878 &man.tap.4;, and &man.ng.iface.4; where defining
1879 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname> in advance is
1888 <title>Openresolv and <filename>/etc/resolv.conf</filename></title>
1890 <para>The &man.resolvconf.8; utility has been added and it now
1891 handles updating the &man.resolv.conf.5; file. Direct
1892 modifications to <filename>/etc/resolv.conf</filename> can
1893 be overwritten by network configuration utilities such as
1894 &man.dhclient.8; and &man.rtsold.8;.</para>
1898 <title>Disk Partition Management Utilities</title>
1900 <para>In earlier releases various utilities were available to
1901 manage disk partition information. They are deprecated in
1902 favor of the &man.gpart.8; utility. Specifically, the
1903 &man.fdisk.8;, &man.disklabel.8; &man.bsdlabel.8;, and
1904 &man.sunlabel.8; utilities are no longer supported actively
1905 though these are still available for backward
1906 compatibility.</para>