1 <!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
2 <!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
5 <!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
11 <title>&os; &release.current; Release Notes</title>
13 <corpauthor>The &os; Project</corpauthor>
15 <pubdate>$FreeBSD$</pubdate>
19 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
22 <legalnotice id="trademarks" role="trademarks">
32 <para>The release notes for &os; &release.current; contain a summary
33 of the changes made to the &os; base system on the
34 &release.branch; development line.
35 This document lists applicable security advisories that were issued since
36 the last release, as well as significant changes to the &os;
38 Some brief remarks on upgrading are also presented.</para>
43 <title>Introduction</title>
45 <para>This document contains the release notes for &os;
47 describes recently added, changed, or deleted features of &os;.
48 It also provides some notes on upgrading
49 from previous versions of &os;.</para>
51 <![ %release.type.current [
53 <para>The &release.type; distribution to which these release notes
54 apply represents the latest point along the &release.branch; development
55 branch since &release.branch; was created. Information regarding pre-built, binary
56 &release.type; distributions along this branch
57 can be found at <ulink url="&release.url;"></ulink>.</para>
61 <![ %release.type.snapshot [
63 <para>The &release.type; distribution to which these release notes
64 apply represents a point along the &release.branch; development
65 branch between &release.prev; and the future &release.next;.
67 pre-built, binary &release.type; distributions along this branch
68 can be found at <ulink url="&release.url;"></ulink>.</para>
72 <![ %release.type.release [
74 <para>This distribution of &os; &release.current; is a
75 &release.type; distribution. It can be found at <ulink
76 url="&release.url;"></ulink> or any of its mirrors. More
77 information on obtaining this (or other) &release.type;
78 distributions of &os; can be found in the <ulink
79 url="&url.books.handbook;/mirrors.html"><quote>Obtaining
80 &os;</quote> appendix</ulink> to the <ulink
81 url="&url.books.handbook;/">&os;
82 Handbook</ulink>.</para>
86 <para>All users are encouraged to consult the release errata before
87 installing &os;. The errata document is updated with
88 <quote>late-breaking</quote> information discovered late in the
89 release cycle or after the release. Typically, it contains
90 information on known bugs, security advisories, and corrections to
91 documentation. An up-to-date copy of the errata for &os;
92 &release.current; can be found on the &os; Web site.</para>
97 <title>What's New</title>
99 <para>This section describes the most user-visible new or changed
100 features in &os; since &release.prev;.</para>
102 <para>Typical release note items document recent security
103 advisories issued after &release.prev;, new drivers or hardware
104 support, new commands or options, major bug fixes, or
105 contributed software upgrades. They may also list changes to
106 major ports/packages or release engineering practices. Clearly
107 the release notes cannot list every single change made to &os;
108 between releases; this document focuses primarily on security
109 advisories, user-visible changes, and major architectural
112 <sect2 id="security">
113 <title>Security Advisories</title>
115 <para>Problems described in the following security advisories have
116 been fixed. For more information, consult the individual
117 advisories available from
118 <ulink url="http://security.FreeBSD.org/"></ulink>.</para>
120 <informaltable frame="none" pgwide="0">
122 <colspec colwidth="1*">
123 <colspec colwidth="1*">
124 <colspec colwidth="3*">
127 <entry>Advisory</entry>
135 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc"
136 >SA-09:15.ssl</ulink></entry>
137 <entry>3 Dec 2009</entry>
138 <entry><para>SSL protocol flaw</para></entry>
141 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:16.rtld.asc"
142 >SA-09:16.rtld</ulink></entry>
143 <entry>3 Dec 2009</entry>
144 <entry><para>Improper environment sanitization in &man.rtld.1;</para></entry>
147 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc"
148 >SA-09:17.freebsd-update</ulink></entry>
149 <entry>3 Dec 2009</entry>
150 <entry><para>Inappropriate directory permissions in &man.freebsd-update.8;</para></entry>
153 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:01.bind.asc"
154 >SA-10:01.bind</ulink></entry>
155 <entry>6 Jan 2010</entry>
156 <entry><para>BIND &man.named.8; cache poisoning with DNSSEC validation</para></entry>
159 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:02.ntpd.asc"
160 >SA-10:02.ntpd</ulink></entry>
161 <entry>6 Jan 2010</entry>
162 <entry><para>ntpd mode 7 denial of service</para></entry>
165 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:03.zfs.asc"
166 >SA-10:03.zfs</ulink></entry>
167 <entry>6 Jan 2010</entry>
168 <entry><para>ZFS ZIL playback with insecure permissions</para></entry>
171 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc"
172 >SA-10:04.jail</ulink></entry>
173 <entry>27 May 2010</entry>
174 <entry><para>Insufficient environment sanitization in &man.jail.8;</para></entry>
177 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc"
178 >SA-10:05.opie</ulink></entry>
179 <entry>27 May 2010</entry>
180 <entry><para>OPIE off-by-one stack overflow</para></entry>
183 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc"
184 >SA-10:06.nfsclient</ulink></entry>
185 <entry>27 May 2010</entry>
186 <entry><para>Unvalidated input in nfsclient</para></entry>
189 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc"
190 >SA-10:07.mbuf</ulink></entry>
191 <entry>13 July 2010</entry>
192 <entry><para>Lost mbuf flag resulting in data corruption</para></entry>
200 <title>Kernel Changes</title>
202 <para>The &man.ddb.4; debugger has been improved:</para>
206 <para>It now supports <command>show
207 ifnets</command> and <command>show ifnet <replaceable>struct
208 ifnet *</replaceable></command> commands to print a list of
209 <quote>ifnet *</quote> of each virtual network stack and
210 fields of specified <varname>fip</varname>,
215 <para>It now supports <command>show all
216 lltables</command>, <command>show lltable
217 <replaceable>struct lltable *</replaceable></command>, and
218 <command>show llentry <replaceable>struct llentry
219 *</replaceable></command> commands to print a list of
220 <quote>lltable *</quote> of each virtual network stack,
221 fields of specified structures respectively.</para>
225 <para>The <command>show mount</command> command now prints
226 active string mount options.</para>
230 <para>It now supports <command>show
231 vnetrcrs</command> command to dump the whole log of
232 distinctive <varname>curvnet</varname> recursion
237 <para>It now supports <command>show
238 vnet_sysinit</command> and <command>show
239 vnet_unsysinit</command> commands to print
240 ordered call lists.</para>
244 <para>The default &man.devfs.5; rules now expose the upper 256
245 of &man.pty.4; device nodes.</para>
247 <para>A new kernel thread called <quote>deadlock
248 resolver</quote> has been added. This can be used to detect
249 possible deadlock by using information of thread state and
250 heuristical analysis. This is not enabled by default. To
251 enable this, an option <option>option DEADLKRES</option> in
252 kernel configuration file and recompilation of the
255 <para>Two commands to enable/disable read-ahead have been added
256 to &man.fcntl.2; system call:</para>
260 <para><varname>F_READAHEAD</varname> specifies the amount
261 for sequential access. The amount is specified in bytes and is
262 rounded up to nearest block size.</para>
266 <para><varname>F_RDAHEAD</varname> is a Darwin compatible
267 version that use 128KB as the sequential access
272 <para>Note that the read-ahead amount is also constrainted by
273 sysctl variable <varname>vfs.read_max</varname>, which may
274 need to be raised in order to better utilize this
277 <para>The &man.lindev.4; driver has been added. This is for
278 supporting various linux-specific pseudo devices such as
279 <filename>/dev/full</filename>. Note that this is not
280 included in <filename>GENERIC</filename> kernel.</para>
282 <para>A POSIX function pselect(3) has been reimplemented as a
283 system call &man.pselect.2; to eliminate race
286 <para>A kernel option <option>option
287 INCLUDE_CONFIG_FILE</option> has been added to
288 <filename>GENERIC</filename> kernel by default.</para>
290 <para>New SDT (Statically Defined Tracing) probes such as ones
291 for <literal>opencrypto</literal> and <literal>vnet</literal>
292 have been added to &os; &man.dtrace.1; subsystem.</para>
294 <para arch="powerpc">&os; now supports SMP in PowerPC G5
295 systems. Note that SMP support on &os;/&arch.powerpc; is
296 disabled by default in <filename>GENERIC</filename>
299 <para arch="sparc64">&os; now supports UltraSPARC IV, IV+, and
300 SPARC64 V CPUs.</para>
302 <para>A bug in the &man.tty.4; driver that
303 <varname>TIOCSTI</varname> did not work has been fixed. This
304 affects applications like &man.mail.1;.</para>
306 <para>A bug in the &man.sched.4bsd.4; scheduler that the
307 timestamp for the sleeping operation is not cleaned up on the
308 wakeup has been fixed.</para>
310 <para>A race condition in the &man.sched.4bsd.4; scheduler has
313 <para>A bug in the &man.sched.ule.4; scheduler which prevented
314 process usage (<literal>%CPU</literal>) from working correctly
315 has been fixed.</para>
317 <para>The &man.syscons.4; driver has been improved. The history
318 buffer can be fully saved/restored in the VESA mode switching
320 <varname>hint.sc.<replaceable>0</replaceable>.vesa_mode</varname>.</para>
322 <para arch="amd64,i386">An x86 real mode emulator based on
323 OpenBSD's x86emu implementation has been added to improve real
324 mode BIOS call support on both &arch.i386; and &arch.amd64;.
325 The &man.atkbdc.4;, &man.dpms.4;, vesa(4), &man.vga.4; driver
326 now use this emulator and work on the both platforms.</para>
328 <para>The VIMAGE &man.jail.8; virtualization container can work
329 with &man.sctp.4; now. Note that the VIMAGE is not enabled by
330 default in <filename>GENERIC</filename> kernel.</para>
332 <para>The VIMAGE &man.jail.8; now supports
333 <varname>ip4.saddrsel</varname>,
334 <varname>ip4.nosaddrsel</varname>,
335 <varname>ip6.saddrsel</varname>, and
336 <varname>ip6.nosaddrsel</varname> to control whether to use
337 source address selection or the primary jail address for
338 unbound outgoing connections. The default value is to use
339 source address selection.</para>
342 <title>Boot Loader Changes</title>
344 <para arch="pc98">The <filename>boot2</filename> bootcode has
345 been reimplemented based on the &arch.i386 counterpart. It
346 now supports ELF binary, UFS2 file system, and larger number
349 <para arch="ia64">The EFI <filename>loader</filename> program
350 now supports a command-line option <option>-dev
351 <replaceable>currdev</replaceable></option> to specify the
352 default value of <varname>currdev</varname>. This option
353 can be set by the EFI boot manager.</para>
355 <para arch="powerpc">The &man.loader.8; program now supports
356 U-Boot storage.</para>
358 <para>A kernel environment variable
359 <varname>vfs.root.mountfrom</varname> now supports
360 multiple elements for root file system in a space-separated
361 list. Each list element will be tried in order and the
362 first available one will be mounted.</para>
364 <para arch="i386">The algorithm the &man.loader.8; uses has
365 been improved to choose a memory range for its heap when
366 using a range above 1MB. This fixes a symptom that the
367 loader fails to load a kernel.</para>
369 <para>The <filename>zfsloader</filename> has been added. This
370 is a separate &man.zfs.8; enabled loader. Note that a ZFS
371 bootcode (<filename>zfsboot</filename> or
372 <filename>gptzfsboot</filename>) need to be installed
373 to use this new loader.</para>
375 <para>The <filename>zfsboot</filename> and
376 <filename>gptzfsboot</filename> bootcode now fully support
377 64-bit LBAs for disk addresses. This allows booting from
378 large volumes.</para>
382 <title>Hardware Support</title>
384 <para arch="powerpc">The <filename>adb</filename> driver now
385 supports for interpreting taps on ADB touchpads as a button
388 <para>The amdsbwd(4) driver for AMD SB600/SB7xx watchdog
389 timer has been added.</para>
391 <para arch="powerpc">The <filename>apt</filename> driver for
392 the Apple Touchpad present on MacBook has been added to
393 <filename>GENERIC</filename> kernel.</para>
395 <para arch="sparc64">The epic(4) driver for the front panel
396 LEDs in Sun Fire V215/V245 has been added.</para>
398 <para>A bug in the &man.ipmi.4; driver that caused incorrect
399 watchdog timer setting has been fixed.</para>
401 <para arch="sparc64">The &man.pci.4; driver now supports a
402 JBus to PCIe bridge (called as <quote>Fire</quote>) found in
403 the Sun Fire V215/V245 and Sun Ultra 25/45 machines.</para>
405 <para>The &man.usb.4; subsystem now reports &man.devd.8;
406 <literal>notify</literal> events with the device properties
407 instead of <literal>attach</literal> events. The following is an
408 example entry of &man.devd.conf.5; to match a &man.umass.4;
409 device with a SCSI subclass and BBB protocol:</para>
411 <programlisting>notify 100 {
412 match "system" "USB";
413 match "subsystem" "INTERFACE";
414 match "type" "ATTACH";
415 match "intclass" "0x08";
416 match "intsubclass" "0x06";
417 match "intprotocol" "0x50";
418 action "/path/to/command -flag";
421 <para arch="powerpc">The &man.smu.4; driver now provides
422 thermal management and monitoring features. This allows fan
423 control and thermal monitoring on SMU-based Apple G5
424 machines, as well as an &man.led.4; interface to control the
427 <para>The &man.tnt4882.4; driver for IEEE-488 (GPIB) bus now
428 supports National Instruments TNT5004 chip.</para>
430 <para>The &man.uart.4; driver now supports NetMos NM9865
431 family of Serial/Parallel ports.</para>
433 <para>A bug in the &man.uftdi.4; driver that can allow to send
434 a zero length packet has been fixed.</para>
437 <title>Multimedia Support</title>
439 <para>The &man.acpi.video.4; driver now supports LCD
440 brightness control notify handler.</para>
442 <para>The &man.acpi.sony.4; helper driver now supports
443 default display brightness, wired LAN power, and bass
446 <para>The &man.agp.4; driver has been improved. It includes
447 a fix for aparture size calculation issue which prevents
448 some graphics cards from working.</para>
450 <para>The &man.snd.hda.4; driver now allows AD1981HD codecs
451 to use playback mixer.</para>
453 <para>The &man.snd.hda.4; driver now supports multichannel
454 (4.0 and 7.1) playback support. The 5.1 mode support is
455 disabled now due to unidentified synchonization problem.
456 Devices which supports the 7.1 mode can handle the 5.1
457 operation via software upmix done by &man.sound.4;. Note
458 that stereo stream is no longer duplicated to all
461 <para>The &man.uep.4; driver for USB onscreen touch panel
462 from eGalax has been added. This driver is supported by
463 <filename>x11-drivers/xf86-input-egalax</filename>.</para>
467 <title>Network Interface Support</title>
469 <para>The &man.ath.4; driver now supports Atheros
470 AR9285-based devices.</para>
472 <para>A bug in the &man.ath.4; driver which causes a problem
473 of AR5416-based chipsets including AR9285 has been fixed.</para>
475 <para>The &man.bge.4; driver now supports BCM5761, BCM5784, and
476 BCM57780-based devices.</para>
478 <para>The &man.bge.4; driver now supports TSO (TCP
479 Segmentation Offloading) on BCM5755 or newer
482 <para>A long-standing bug in the &man.bge.4; driver which
483 was related to ASF heartbeat sending has been
486 <para>A long-standing stability issue of the &man.bce.4; and
487 &man.bge.4; driver due to a hardware bug in its DMA
488 handling when the system has more than 4GB memory has been
489 fixed. This applies to BCM5714, BCM5715, and BCM5708
492 <para>A bug in the &man.bge.4; driver that incorrectly
493 enabled TSO on BCM5754/BCM5754M controllers has been
496 <para>A bug in the &man.if.bridge.4; driver has been fixed.
497 The MTU was set based on the firstly-added member even if
498 the addition failed.</para>
500 <para>The &man.if.bridge.4; driver now supports
501 <varname>SIOCSIFMTU</varname> ioctl. For example,
502 <command>ifconfig bridge0 mtu 1280</command> can change
503 the MTU of <literal>bridge0</literal> to
504 <literal>1280</literal>. Changing the MTU is allowed only
505 when all members have the same MTU value.</para>
507 <para>The &man.bwn.4; driver for Broadcom BCM43xx chipsets
508 has been added.</para>
510 <para>The &man.cxgb.4; driver has been updated to T3
511 firmware 7.8.0.</para>
513 <para>The &man.cxgb.4; driver now supports hardware
514 filtering based on inspection of L2/L3/L4 headers.
515 Filtering based on source IP address, destination IP
516 address, source port number, destination port number,
517 802.1q VLAN frame tag, UDP, TCP, and MAC address addr is
518 possible. The configuration can be done by the
519 cxgbtool(8) utility. Note that cxgbtool(8) is in
520 <filename>src/usr.sbin/cxgbtool</filename> but not
521 compilied by default.</para>
523 <para>The et(4) driver now supports MSI and Tx checksum
524 offloading of IPv4, TCP, and UDP.</para>
526 <para>The &man.em.4; driver has been updated to version
529 <para>The &man.fxp.4; driver now exports the hardware MAC
530 statistics via sysctl variables.</para>
532 <para>The &man.igb.4; driver has been updated to version
535 <para>The &man.iwn.4; driver has been updated. This
536 includes various improvements and bugfixes regarding RF
537 switch, bgscan support, suspend/resume support, locking
538 issue, and more. The line <literal>device iwnfw</literal>
539 in the kernel configuration file will include all firmware
542 <para>The &man.ixgbe.4; driver has been updated to version
545 <para>The &man.msk.4; driver has been improved:</para>
549 <para>It now supports Marvell Yukon 88E8042, 88E8057,
550 88E8059 (Yukon Optima) devices and DGE-560SX (Yukon
555 <para>A rudimentary interrupt moderation with
556 programmable countdown timer register has been
557 implemented. The default parameter of the holdoff
558 time is 100us and this can be changed via sysctl
560 <varname>dev.mskc.<replaceable>0</replaceable>.int_holdoff</varname>.
561 Note that the interrupt moderation is shared resource
562 on a dual-port controllers and it is impossible to use
563 separate interrupt moderation values for each
568 <para>A stability issue has been fixed. A heavy RX
569 traffic while rebooting is in progress could prevent
570 the system from working.</para>
573 <para>The &man.mxge.4; driver has been updated to firmware
574 version 1.4.50 from Myricom.</para>
576 <para>The &man.re.4; driver no longer performs an
577 unnecessary interface up/down during getting IP address
580 <para>The &man.re.4; driver now uses <literal>2048</literal>
581 as PCIe Maximuim Read Request Size. This improves bulk
582 transfer performance.</para>
584 <para>The &man.run.4; driver for Ralink
585 RT2700U/RT2800U/RT3000U USB 802.11agn devices has been
588 <para>The sge(4) driver for Silicon Integrated Systems
589 SiS190/191 Fast/Gigabit Ethernet has been added. This
590 supports TSO and TSO over VLAN.</para>
592 <para>The &man.ste.4; driver has been improved:</para>
596 <para>The DMA handling has been improved.</para>
600 <para>Wake-On-LAN is now supported.</para>
604 <para>Unnecessary reinitialization of the
605 interfaces has been eliminated.</para>
609 <para>RX interrupt moderation with single shot timer has
610 been implemented. The default parameter of the
611 moderation time is 150us and this can be changed via
613 <varname>dev.ste.<replaceable>0</replaceable>.int_rx_mod</varname>.
614 Setting it 0 effectively disables the RX interrupt
615 moderation feature.</para>
619 <para>The tsec(4) driver now supports &man.altq.4;.</para>
621 <para>The &man.u3g.4; driver has been improved and now works
622 with ZTE MF636, Option Gi0322, Globetrotter GE40x, and
623 Novatel MC950D.</para>
625 <para>The &man.uhso.4; driver for Option HSDPA USB devices
626 has been added. A new &man.uhsoctl.1; userland utility
627 can be used to initiate and close the WAN
630 <para>The &man.vge.4; driver has been improved:</para>
634 <para>The DMA handling has been improved.</para>
638 <para>Wake-On-LAN is now supported.</para>
642 <para>Unnecessary reinitialization of the
643 interfaces has been eliminated.</para>
647 <para>Hardware MAC statistics are now supported via sysctl variables
648 <varname>dev.vge.<replaceable>0</replaceable>.stats</varname>.</para>
652 <para>Interrupt moderation with single shot timer and
653 scheme supported by VT61xx controllers have been
654 implemented. The default parameters are tuned to
655 generate interrupt less than 8k per second, and these
656 parameters can be changed via sysctl variables
657 <varname>dev.vge.<replaceable>0</replaceable>.int_holdoff</varname>,
658 <varname>dev.vge.<replaceable>0</replaceable>.rx_coal_pkt</varname>,
660 <varname>dev.vge.<replaceable>0</replaceable>.tx_coal_pkt</varname>.
661 Note that an up/down cycle is needed to make a
662 parameter change take effect.</para>
666 <para>The &man.urtw.4; driver has been improved and now
667 supports RTL8187B-based devices.</para>
669 <para>The &os; Xen netfront driver has been improved in
670 stability and performance./para>
674 <sect3 id="net-proto">
675 <title>Network Protocols</title>
677 <para>&os; flowtable now supports IPv6. This is for per-CPU
678 caching flows as a means of accelerating L3 and L2 lookups
679 as well as providing stateful load balancing when ECMP
680 (Equal-Cost Multi-Path routing) is enabled by <option>option
681 RADIX_MPATH</option>.</para>
683 <para>A new capability flag <literal>LINKSTATE</literal> has
684 been added to <varname>struct
685 ifnet.if_capabilities</varname>. This indicates if the
686 interface can check the link state or not. The
687 &man.ifconfig.8; utility now shows this flag if
690 <para>A new event handler <varname>iflladdr_event</varname>
691 has been added. This signals that the L2 address on an
692 interface has changed, and lets stacked interfaces such as
693 &man.vlan.4; detect that their lower interface has changed
694 and adjust things in order to keep working. This fixes an
695 issue of &man.lagg.4; and &man.vlan.4; configulation.</para>
697 <para>IPcomp (IP Payload Compression Protocol defined in RFC
698 2393) protocol is now enabled by default. Note that this
699 requires <option>option IPSEC</option> in the kernel
700 configuration file and <filename>GENERIC</filename> kernel
701 does not include it. This functionality can be disabled by
702 using a sysctl variable
703 <varname>net.inet.ipcomp.ipcomp_enable</varname>.</para>
705 <para>The &man.ipfw.4; subsystem including &man.dummynet.4;
706 has been updated to <quote>ipfw3</quote> and various bugs
707 have been fixed:</para>
711 <para>The major enhancement is a completely restructured
712 version of &man.dummynet.4;, with support for different
713 packet scheduling algorithms (loadable at runtime),
714 faster queue/pipe lookup, and a much cleaner internal
715 architecture and kernel/userland ABI which simplifies
716 future extensions.</para>
720 <para>All of O(N) sequences in the firewall rule
721 evaluation removed from the kernel critical sections.
722 The worst case is now O(log N).</para>
726 <para>It now supports <literal>ipfw0</literal> pseudo
727 interface for logging similar to &man.pflog.4;. A sysctl
728 <varname>net.inet.ip.fw.verbose=0</varname> enables logging
729 to <literal>ipfw0</literal>, and
730 <varname>net.inet.ip.fw.verbose=1</varname> sends logging to
731 &man.syslog.3; as before.</para>
735 <para>The <literal>me</literal> keyword in the &man.ipfw.4;
736 rule now matches any IPv6 addresses configured on an
737 interface as well as IPv4 ones.</para>
741 <para>A bug that <command>keep-alive</command> rule did
742 not work for IPv6 packets has been fixed.</para>
746 <para>The <literal>lookup</literal> match option has been added.</para>
748 <programlisting>lookup {dst-ip|src-ip|dst-port|src-port|uid|jail} <replaceable>N</replaceable></programlisting>
750 <para>This searches the specified field in table
751 <replaceable>N</replaceable> and sets
752 <literal>tablearg</literal> accordingly. With
753 <literal>dst-ip</literal> or <literal>src-ip</literal>
754 the option replicates two existing options. When used
755 with other arguments, the option can be useful to
756 quickly dispatch traffic based on other fields.</para>
760 <para>A bug in the &man.sysctl.8; variable
761 <varname>ip.fw.one_pass</varname> handling has been
762 fixed. A packet which comes from a pipe without being
763 delayed incorrectly ignored this variable.</para>
767 <para>A memory alignment issue in the &man.ng.ksocket.4; and
768 &man.ng.ppp.4;, Netgraph node drivers have been fixed. This
769 fixes kernel panics due to the misalightment.</para>
771 <para>The &man.ng.bridge.4; and &man.ng.hub.4; Netgraph node
772 drivers now supports a flag <literal>persistent</literal>.
773 It disables automatic node shutdown when the last hook gets
774 disconnected. The new control messages
775 <literal>NGM_BRIDGE_SET_PERSISTENT</literal> and
776 <literal>NGM_HUB_SET_PERSISTENT</literal> have been added
779 <para>The &man.pf.4; subsystem now supports
780 <literal>sloppy</literal> keyword to enable a TCP state
781 machine for tracking TCP connections with no sequence number
782 check. This feature is in the latest version of
783 <application>pf</application>.</para>
785 <para>The &man.pfil.9; framework for packet filtering in &os;
786 kernel now supports separate packet filtering instances like
787 &man.ipfw.4; for each VIMAGE jail.</para>
789 <para>A bug that proxy ARP entries cannot be added over
790 point-to-point link types has been fixed.</para>
792 <para>The &man.tap.4; pseudo interface now reports the link
793 state properly by updating <varname>if_link_state</varname>
794 variable in the kernel.</para>
796 <para>The &man.vlan.4; pseudo interface has been added to
797 <filename>GENERIC</filename> kernel.</para>
799 <para>The &man.vlan.4; pseudo interface now supports TSO (TCP
800 Segmentation Offloading). The capability flag is named as
801 <varname>IFCAP_VLAN_HWTSO</varname> and it is separated from
802 <varname>IFCAP_VLAN_HWTAGGING</varname>. The &man.age.4;,
803 &man.alc.4;, &man.bce.4;, &man.bge.4;, &man.cxgb.4;, &man.jme.4;,
804 &man.re.4;, and &man.mxge.4; driver support this
807 <para>The &man.vlan.4; pseudo interface for IEEE 802.1Q VLAN
808 now ignore renaming of the parent's interface name. The
809 configured VLAN interfaces continue to work with the new
810 name while previously the configurations were removed as the
811 renaming happens.</para>
815 <title>Disks and Storage</title>
817 <para>The &man.ada.4; driver now supports
818 <varname>BIO_DELETE</varname>. For SSDs this uses
819 <literal>TRIM</literal> feature of <literal>DATA SET
820 MANAGEMENT</literal> command, as defined by ACS-2
821 specification working draft. For Compact Flash use
822 <literal>CFA ERASE</literal> command, same as &man.ad.4;
823 does. This change realizes restoring write speed of SSDs
824 which supports <literal>TRIM</literal> command by doing
826 <replaceable>/dev/ada1</replaceable></command>, for
829 <para>The &man.ahci.4; driver now supports SATA part of
830 Marvell 88SE912x controllers.</para>
832 <para>The &man.ahci.4; driver now supports FIS-based (Frame
833 Information Structure) switching of port multiplier on
834 supported controlers.</para>
836 <para>The &man.ahd.4; driver now supports three separated
837 error counters for correctable, uncorrectable, and fatal, in
838 &man.sysctl.8; MIB.</para>
840 <para>A new kernel option <option>option ATA_CAM</option> has
841 been added. This turns &man.ata.4; controller drivers into
842 &man.cam.4; interface modules. When enabled, this option
843 deprecates all &man.ata.4; peripheral drivers and interfaces
844 such as <filename>ad</filename> and
845 <filename>acd</filename>, and allows &man.cam.4; drivers
846 <filename>ada</filename>, and <filename>cd</filename> and
847 interfaces to be natively used instead. Note that this is
848 not enabled by default in the <filename>GENERIC</filename>
851 <para>A bug in the &man.ata.4; driver which can lead to
852 interrupt storms and command timeouts has been fixed.</para>
854 <para>USB mass storage device support in the &man.ata.4;
855 driver has been removed. Note that this was not used in
856 <filename>GENERIC</filename> kernel and the &man.umass.4;
857 driver supports such devices for a long time.</para>
859 <para>&os; &man.cam.3; SCSI framework has been improved:</para>
863 <para>SATA and PATA support has been improved and it now
864 recognizes more detail device capabilities. For example,
865 the &man.ahci.4; and &man.siis.4; driver now reports maximum
866 tag number to the framework to optimize the NCQ
871 <para>A loader tunable
872 <varname>kern.cam.boot_delay</varname> has been added.
873 This controls the delay time before &man.cam.3; probes
874 the attached devices.</para>
878 <para>SCSI error recovery for devices on buses without
879 automatic sense reporting has been improved. Typical
880 devices are on ATAPI and USB. For example, this allows
881 &man.cam.3; to wait, while CD drive loads disk, instead
882 of immediately return error status.</para>
886 <para>The &man.cam.4; ATA transport layer now supports
887 Power-Up In Stand-by (PUIS). The PUIS is a configuration of
888 SATA or PATA drives to prevent them from automatic spin-up
889 when power is applied. A typical application is staggered
892 <para>The &man.cam.4; ATA transport layer now supports
893 negotiating and enabling additional SATA features such as
894 device initiated power management, Automatic Partial to
895 Slumber mode transition, and DMA auto-activation.</para>
897 <para>A livelock issue of the &man.ciss.4; driver under a high
898 load has been fixed.</para>
900 <para>A bug in the &man.fdc.4; driver which prevents the
901 kernel module from unloading has been fixed.</para>
903 <para>The &man.glabel.8; now supports the following sysctl
904 variables for each label type to enable the labeling itself:</para>
906 <programlisting>kern.geom.label.ext2fs.enable
907 kern.geom.label.iso9660.enable
908 kern.geom.label.msdosfs.enable
909 kern.geom.label.ntfs.enable
910 kern.geom.label.reiserfs.enable
911 kern.geom.label.ufs.enable
912 kern.geom.label.ufsid.enable
913 kern.geom.label.gptid.enable
914 kern.geom.label.gpt.enable</programlisting>
916 <para>Note that all of them are also loader tunables. They
917 are enabled (set as <literal>1</literal>) by default.</para>
919 <para>&man.geom.8; providers including complex ones such as
920 &man.gconcat.8;, &man.gmirror.8;, &man.graid3.8,
921 &man.gstripe.8;, and some hardware RAID device drivers like
922 &man.twa.4; now inform its optimal access block size to the
925 <para>The &man.gmirror.8; utility now supports
926 <command>configure <option>-p</option>
927 <replaceable>priority</replaceable></command> command to
928 change the providers priority.</para>
930 <para>The balancing mode algorithm <literal>load</literal>
931 used in the &man.gmirror.8; utility has been changed and it
932 is now the default one instead of
933 <literal>split</literal>:</para>
937 <para>Instead of measuring last request execution time for
938 each drive and choosing one with smallest time, use
939 averaged number of requests, running on each drive. This
940 information is more accurate and timely. It allows to
941 distribute load between drives in more even and
942 predictable way.</para>
946 <para>For each drive track offset of the last submitted
947 request. If new request offset matches previous one or
948 close for some drive, prefer that drive. It allows to
949 significantly speedup simultaneous sequential reads.</para>
953 <para>The &man.gmultipath.8; utility now supports
954 <command>destroy</command>, <command>rotate</command>,
955 <command>getactive</command> commands.</para>
957 <para>A bug in the &man.graid3.8; which causes a panic when a
958 large request arrives has been fixed. This happens when
959 <varname>MAXPHYS</varname> is set as larger than 128k.</para>
961 <para>The default block size of &man.gstripe.8; has been
962 increased from 4k to 64k.</para>
964 <para>The <literal>GEOM_SCHED</literal> module has been added.
965 This supports scheduling disk I/O requests in a device
966 independent manner. A supported algorithm is an
967 anticipatory scheduler <literal>gsched_rr</literal> which
968 gives very nice performance improvements in presence of
969 competing random access patterns. See also &man.gsched.8;
970 manual page for more details.</para>
972 <para>The HAST (Highly Avalable STorage) franework has been
977 <para>This is a framework to allow transparently storing
978 data on two physically separated machines connected over
979 the TCP/IP network. HAST works in Primary-Secondary
980 (Master-Backup, Master-Slave) configuration, which means
981 that only one of the cluster nodes can be active at any
982 given time. Only Primary node is able to handle I/O
983 requests to HAST-managed devices. Currently HAST is
984 limited to two cluster nodes in total.</para>
988 <para>This operates on block level; it provides disk-like
989 devices in <filename>/dev/hast/</filename> directory for
990 use by file systems and/or applications. Working on
991 block level makes it transparent for file systems and
992 applications. There in no difference between using
993 HAST-provided device and raw disk, partition, etc. All
994 of them are just regular &man.geom.8; providers in
999 <para>The userland part consists of &man.hastd.8;,
1000 &man.hastctl.8;, and &man.hast.conf.5;. More datails
1001 can be found at <ulink
1002 url="http://wiki.FreeBSD.org/HAST"></ulink>.</para>
1006 <para>The &man.isp.4; driver has been improved in
1009 <para>The &man.mvs.4; CAM ATA driver for Marvell
1010 88SX50XX/88SX60XX/88SX70XX/SoC SATA controllers has been
1011 added. This driver supports same hardware as the
1012 &man.ata.4; driver does, but provides many additional
1013 features, such as NCQ and PMP.</para>
1015 <para>The &man.siis.4; driver now enables MSI by default on
1016 SiI3124-based devices. This can be disabled by using a
1017 <varname>hint.siis.<replaceable>0</replaceable>.msi</varname>
1018 loader tunable.</para>
1020 <para>The Max Read Request Size in the &man.siis.4; driver for
1021 PCIe chips has been increased from 512 to 1024 bytes for
1022 better performance.</para>
1024 <para>The &man.twa.4; driver has been updated to the latest
1025 version from LSI.</para>
1029 <title>File Systems</title>
1031 <para>The &man.msdosfs.5; subsystem is now MP-safe and a race
1032 condition when a force unmount happens has been
1035 <para>&os; NFS subsystem now supports a timeout for the
1036 negative name cache entries in the client. This avoids a
1037 bogus negative name cache entry from persisting forever when
1038 another client creates an entry with the same name within
1039 the same NFS server time of day clock tick. The mount
1040 option <option>negnametimeo</option> can be used to override
1041 the default timeout interval (60 seconds) on a
1042 per-mount-point basis. a Setting
1043 <option>negnametimeo</option> to <literal>0</literal>
1044 disables negative name caching for the mount point.</para>
1046 <para>A race condition in &os; NFS subsystem that occurs when
1047 &man.nfsiod.8; threads are being created has been fixed.
1048 This also fixes an interoperability issue found in
1049 combination of a &os; NFS client and a Linux NFS
1052 <para>The inode number handling in &man.ffs.7; file system is
1053 now unsigned. Previously some large inode numbers can be
1054 treated as negative, and this issue shows up at file systems
1055 with the size of more than 16Tb in 16k block case. The
1056 &man.newfs.8; utility never create a file system with more
1057 than 2^32 inodes by cutting back on the number of inodes per
1058 cylinder group if necessary to stay under the limit.</para>
1060 <para>The UFS file system (&man.ffs.7;) now supports NFSv4
1063 <para>The UFS file system (&man.ffs.7;) now supports both
1064 32-bit and 64-bit &man.quota.1;. The command
1065 <command>quotacheck -c 64</command> converts the 32-bit
1066 quota to 64-bit. Note that the traditional 32-bit quota
1067 still works with no problem for sizes smaller than 2Tb, and
1068 the quota subsystem is not compilied in
1069 <filename>GENERIC</filename> kernel by default. To enable
1070 it, an option <option>option QUOTA</option> in the kernel
1071 configuration file and recompilation of the kernel.</para>
1073 <para>&os; &man.VFS.9; subsystem now supports a new sysctl
1074 variable <varname>vfs.vlru_allow_cache_src</varname>. This
1075 allow <filename>vnlru</filename> kernel thread to reclaim
1076 of the directory vnodes that are source of the namecache
1077 records. This is not enabled by default because for
1078 typical workload it would make namecache unusable, but
1079 large nested directory tree easily puts any process that
1080 accesses file system into one second wait for
1081 <filename>vnlru</filename> kernel thread.</para>
1083 <para>The ZFS file system has been improved:</para>
1087 <para>It now supports NFSv4 ACL.</para>
1091 <para>The L2ARC code has been improved in stability and
1096 <para>The zpool version has been updated to
1097 version 14. It is now possible to use zpools created on
1098 OpenSolaris 2009.06.</para>
1102 <para>A sysctl variable
1103 <varname>vfs.zfs.txg.write_limit_override</varname> has
1104 been added. This can be used for tuning of ZFS write
1109 <para>ZFS prefech statistics has been added as a sysctl
1111 <varname>kstat.zfs.misc.zfetchstats</varname>.</para>
1115 <para>The &man.zfs.8; <command>zpool export</command>
1116 command now supports <option>-F</option> flag.
1117 When exporting with this flag, <filename>zpool.cache</filename>
1118 remains untouched.</para>
1122 <para>A data corruption issue of <command>zfs
1123 send/receive</command> between two different platforms
1124 has been fixed. Symbolic links could be broken in the
1125 previous releases.</para>
1129 <para>A possible deadlock of <command>zfs
1130 receive</command> has been fixed.</para>
1134 <para>Possible panics of <command>zfs destroy</command>
1135 and <command>zfs rollback</command> have been
1140 <para>A occasional failure of <command>zfs
1141 rename</command> due to a busy state has been
1146 <para>Bugs that <command>zfs snapshot
1147 -r</command> fails when the file system is busy, and
1148 <command>zfs receive</command> can fail with an E2BIG
1149 error, have been fixed.</para>
1155 <sect2 id="userland">
1156 <title>Userland Changes</title>
1158 <para>A bug in &man.bsnmpd.1; program which leads to high CPU
1159 consumption on a loaded system has been fixed.</para>
1161 <para>A bug in &man.bzip2.1; utility which prevented it from
1162 working with multi-session bzip2 files has been fixed.</para>
1164 <para>The &man.camcontrol.8; utility now supports a
1165 <option>-v</option> flag in the subcommand
1166 <command>identify</command>. It displays whole of identify
1169 <para>The &man.camcontrol.8; utility now supports
1170 <option>-d</option> and <option>-f</option> flags in the
1171 subcommand <command>cmd</command>. They specify DMA protocol
1172 or FPDMA (NCQ) protocol to be used for ATA command,
1173 respectively.</para>
1175 <para>The &man.chgrp.1; and &man.chown.8; now support a
1176 <option>-x</option> flag to make it not traverse across
1177 multiple mount points for the recursive operation.</para>
1179 <para>The &man.cp.1; now supports a <option>-x</option> flag to
1180 make it not traverse across multiple mount points for the
1181 recursive operation.</para>
1183 <para>The &man.cp.1;, &man.find.1;, &man.getfacl.1;, &man.mv.1;,
1184 and &man.setfacl.1; utilities now support NFSv4 ACL.</para>
1186 <para>The &man.diskinfo.8; now supports reporting disk stripe
1187 size and offset. This helps users to make file systems
1188 optimally aligned and tuned for better performance.</para>
1190 <para>A bug in &man.ee.1; utility which can crash the
1191 program has been fixed.</para>
1193 <para>A bug in &man.factor.6; utility which leads to performance
1194 degradation has been fixed.</para>
1196 <para>The &man.fetch.1; utility now supports HTTP digest
1197 authentication.</para>
1199 <para>A bug in &man.fetch.1; utility which incorrectly evaluates
1200 a variable <varname>NO_PROXY</varname> has been fixed.</para>
1202 <para>A bug in &man.find.1; utility has been fixed. An option
1203 <option>-newerXB</option> was interpreted as the same as
1204 <option>-newerXm</option>.</para>
1206 <para>A bug in the &man.fnmatch.3; function has been fixed. The
1207 flag <varname>FNM_PERIOD</varname> did not work correctly when
1208 <literal>*</literal> characters were included in the string
1209 and <varname>FNM_PATHNAME</varname> was specified.</para>
1211 <para>A bug in the &man.fsck.ffs.8; utility which causes the
1212 last cylinder group of a UFS1 file system is always reported
1213 as broken even after it is fixed.</para>
1215 <para>The &man.gcore.1; utility now recognizes threads in the
1216 process and handles dumps on a thread scope.</para>
1218 <para>The &man.ifconfig.8; utility now supports manipulation of
1219 NDP flags handled by &man.ndp.8;.</para>
1221 <para>The &man.ifconfig.8; utility now supports a
1222 <command>description
1223 <replaceable>value</replaceable></command> command to add a
1224 description <replaceable>value</replaceable> to the specified
1227 <para>The &man.indent.1; utility now supports a
1228 <option>-ta</option> flag to treat all
1229 <literal>_t</literal>-suffixed identifiers as types.</para>
1231 <para>The <filename>liblzma</filename> library for LZMA2
1232 lossless data compression algorithm and the userland utilities
1233 &man.xz.1;, &man.xzdec.1;, &man.lzma.1;, and &man.lzmainfo.1;.
1234 has been imported. When the old system is upgraded to
1235 &release.current;, deinstalling a version found in the Ports
1236 Collection (<filename>archivers/xz</filename>) and
1237 recompilation of the packages which depend on it may be
1240 <para arch="amd64,i386">The <filename>libz</filename> library
1241 has been improved in performance. For &os/&arch.i386;, note
1242 that this improvement uses instructions only on i686-class CPU
1243 and they are disabled by default. Specifying
1244 <literal>CPUTYPE=pentium4</literal> in
1245 <filename>/etc/make.conf</filename> enables them.</para>
1247 <para>The &man.ln.1; utility now reports an error correctly when
1248 a <option>-f</option> flag and two same file entries were
1249 specified in the command line option. It removed the file
1250 first and then reported a <quote>not found</quote>
1253 <para>The &man.ln.1; utility now removes trailing slash
1254 characters when creating a link to a directory. The followin
1255 command sequence reported an error in the previous
1258 <screen>&prompt.user; mkdir test1 test2
1259 &prompt.user; ln -s ../test2/ test1</screen>
1261 <para>The &man.mount.nfs.8; utility now supports
1262 <literal>[<replaceable>ipaddr</replaceable>]:<replaceable>path</replaceable></literal>
1263 notation in addition to the existing one. This allows IPv6
1264 address in the address field, and a path including
1265 <quote><literal>:</literal></quote> to be mounted.</para>
1267 <para>A bug in the &man.netstat.1; utility that prevents
1268 <command>netstat -f netgraph</command> from working has been
1271 <para>The &man.netstat.1; utility now supports ARP information
1272 in statistics shown by the <option>-s</option> flag.</para>
1274 <para>The &man.netstat.1; utility now supports a <option>-q
1275 <replaceable>number</replaceable></option> option to specify
1276 the number of outputs. This is used in conjunction with
1277 <option>-w</option> option.</para>
1279 <para>The &man.newfs.msdos.8; utility now uses
1280 <literal>NO_NAME</literal> as the default volume label and
1281 <literal>BSD4.4</literal> as the OEM String.</para>
1283 <para>The &man.newsyslog.8; utility does not consider
1284 non-existence of a PID file as an error now. A new flag
1285 <option>-P</option> reverts it to the old behavior.</para>
1287 <para>The &man.ntpd.8; program no longer tries to bind to an
1288 IPv6 anycast address.</para>
1290 <para>The &man.pam.krb5.8; PAM module now supports
1291 <option>no_user_check</option> option. This allows to
1292 authorize a user not known to the local system.</para>
1294 <para>The &man.pathchk.1; utility now supports a
1295 <option>-P</option> flag defined in POSIX-1.2008. This checks
1296 for empty pathnames and components starting with
1297 <quote><literal>-</literal></quote>.</para>
1299 <para>A variable <varname>daily_clean_tmps_ignore</varname>
1300 which is used in the &man.periodic.8; daily script now has
1301 <filename>/tmp/.snap</filename>. This prevents
1302 <filename>/tmp/.snap</filename> from being removed.</para>
1304 <para>The &man.procstat.1; utility now supports two new flags
1305 <option>-i</option> and <option>-j</option> to display
1306 information about signal disposition and pending/blocked
1307 status for signals.</para>
1309 <para>The &man.pwait.1; utility has been added. This is similar
1310 to the Solaris utility of the same name, and waits for any
1311 process to terminate.</para>
1313 <para>A bug in the &man.restore.8; utility which caused short
1314 reads when a option <option>-P</option> was used has been
1317 <para>The &man.rtsold.8; <option>-a</option> flag now excludes
1318 the interfaces which IPv6 or accepting ICMPv6 Router
1319 Advertisement message is disabled from the auto-probed
1320 interface list.</para>
1322 <para>The &man.scandir.3; and &man.alphasort.3; functions has
1323 been updated to conform POSIX.1-2008 (IEEE Std
1324 1003.1-2008).</para>
1326 <para>The &man.sed.1; utility now supports a <option>-r</option>
1327 flag which means exactly the same as a <option>-E</option>
1328 flag. This is for compatibility with the GNU version.</para>
1330 <para>The service name database &man.services.5; (usually in
1331 <filename>/etc/services</filename>) now also supports a
1332 &man.db.3; style database for better lookup performance. The
1333 following entry in <filename>/etc/nsswitch.conf</filename>
1334 enables use of the binary database file:</para>
1336 <programlisting>services: db</programlisting>
1338 <para>Note that the &man.db.3; style database can be created by
1339 &man.services.mkdb.8; at
1340 <filename>/var/db/service.db</filename>.</para>
1342 <para>The &man.sighold.2;, &man.sigignore.2;, &man.sigpause.2;,
1343 &man.sigrelse.2;, and &man.sigset.2; functions have been
1344 implemented for making porting software from System V-like
1345 systems easy. Note that these are defined in POSIX.1-2008 XSI
1346 (IEEE Std 1003.1-2008, X/Open System Interface) but now
1347 obsolete. Since &os; already has another
1348 <function>sigpause(3)</function> function derived from 4.2BSD,
1349 a version of the XSI interface is implemented as
1350 <function>xsi_sigpause()</function>.</para>
1352 <para>The &man.sshd.8;, &man.cron.8;, &man.inetd.8;, and
1353 &man.syslogd.8; programs now set
1354 <literal>MADV_PROTECT</literal> memory flag onto themselves to
1355 protect from being terminated by the &os; kernel when
1356 available memory becomes short. This kind of process
1357 termination happens in a swap-intensive workload.</para>
1359 <para>The &man.stat.1; utility now supports
1360 <literal>%Sf</literal> output specifier to display the file
1361 flags symbolically.</para>
1363 <para>The &man.strsignal.3; function is now thread-safe.</para>
1365 <para>The &man.sysctl.8; utility now supports a
1366 <option>-i</option> flag to ignore failures while retrieving
1367 individual OIDs. This allows the same list of OIDs to be
1368 passed to &man.sysctl.8; across different systems where
1369 particular OIDs may not exist, and still get as much
1370 information as possible from them.</para>
1372 <para>The &man.traceroute.8; utility now performs source address
1373 selection correctly even in a VIMAGE &man.jail.8;
1376 <para>The &man.unifdef.1; utility has been updated to version
1377 1.188. It now supports a new <option>-B</option> flag to
1378 compress blank lines around a deleted section to prevent blank
1379 lines around paragraphs of code from getting doubled.</para>
1381 <para>The &man.unzip.1; utility now supports the rename query
1382 when a file with the same name as the one about to be
1383 extracted already exists.</para>
1385 <para>The &man.unzip.1; utility now supports
1386 <option>-C</option>, <option>-c</option>, <option>-f</option>,
1387 <option>-p</option>, and <option>-v</option> flags which are
1388 compatible with Info-ZIP.</para>
1390 <para>The &man.usbconfig.8; utility now supports a new flag
1391 <option>-d</option> to specify the &man.ugen.4; device, and
1392 <command>add_quirk</command> and
1393 <command>remove_quirk</command> commands.</para>
1395 <para>The &man.whois.1; utility now supports searching IPv6
1396 addresses just like IPv4 without specifying the ARIN server.
1397 A <option>-d</option> flag has been removed becuase it is now
1400 <para>A new errno <varname>ENOTCAPABLE</varname> has been added.
1401 This is to be returned when a process requests an operation on
1402 a file descriptor that is not authorized by the descriptor's
1403 capability flags.</para>
1405 <para>The &man.zfs.8; command now supports a new flag
1406 <option>receive -u</option> to specify that the received ZFS
1407 should not be mounted automatically.</para>
1409 <sect3 id="rc-scripts">
1410 <title><filename>/etc/rc.d</filename> Scripts</title>
1412 <para>The &man.service.8; command has been added. This
1413 provides an easy command-line interface to the
1414 <filename>rc.d</filename> system.</para>
1416 <para>The <filename>rc.d/ipfw</filename> script and
1417 <filename>/etc/rc.firewall</filename> now supports IPv6 and
1418 <filename>rc.d/ip6fw</filename> script and
1419 <filename>/etc/rc.firewall6</filename> are obsolete. Note
1420 that <varname>ipv6_firewall_*</varname> variables in
1421 &man.rc.conf.5; are replaced with
1422 <varname>firewall_client_net_ipv6</varname>,
1423 <varname>firewall_simple_iif_ipv6</varname>,
1424 <varname>firewall_simple_inet_ipv6</varname>,
1425 <varname>firewall_simple_oif_ipv6</varname>,
1426 <varname>firewall_simple_onet_ipv6</varname>.</para>
1428 <para>A new <filename>rc.d</filename> script
1429 <filename>rc.d/rtsold</filename> has been added. This handles
1430 &man.rtsold.8; daemon.</para>
1432 <para>A new <filename>rc.d</filename> script
1433 <filename>rc.d/static_arp</filename> has been added. This allows
1434 the administrator to statically define mappings of MAC
1435 address to IPv4 at boot time. See also the &man.rc.conf.5;
1436 manual page for more details.</para>
1438 <para>The <filename>rc.d/tmp</filename> script now uses a
1439 unique directory name prefixed with
1440 <filename>/tmp/.diskless</filename> instead of
1441 <filename>/tmp/.diskless</filename> itself. This fixes an
1442 issue when <filename>/tmp/.diskless</filename> exists before
1443 the script runs.</para>
1445 <para>A new <filename>rc.d</filename> script
1446 <filename>rc.d/ubthidhci</filename> has been added. This
1447 small script calls &man.usbconfig.8; to change a USB
1448 Bluetooth controller from HID mode to HCI mode.</para>
1450 <para>The &man.rc.conf.5; now supports a
1451 <varname>firewall_coscripts</varname> variable. This should
1452 contain a list of commands which should be excuted after
1453 firewall starts or stops.</para>
1455 <para>The &man.rc.conf.5; now supports configuring
1456 &man.vlan.4; interfaces as child devices similar to
1457 &man.wlan.4; interfaces. &man.vlan.4; interfaces are listed
1459 <varname>vlans_<replaceable>IF</replaceable></varname>
1460 variable. If a VLAN interface is a number, then that number
1461 is treated as the VLAN tag for the interface and the
1462 interface will be named
1463 <varname><replaceable>IF</replaceable>.<replaceable>tag</replaceable></varname>.
1464 Otherwise, the VLAN tag must be provided via a VLAN
1466 <varname>create_args_<replaceable>IF</replaceable></varname>
1471 <sect2 id="contrib">
1472 <title>Contributed Software</title>
1474 <para>The <application>ACPI-CA</application> has been updated to
1477 <para>The <application>awk</application> has been updated from
1478 the 23 October 2007 release to the 26 November 2009 release.</para>
1480 <para><application>ISC BIND</application> has been updated to
1481 version 9.6.2-P2.</para>
1483 <para><application>netcat</application> has been updated to
1486 <para><application>OpenSSH</application> has been updated from
1487 version 5.1p1 to version 5.4p1.</para>
1489 <para><application>OpenSSL</application> has been updated to
1490 version 0.9.8n.</para>
1492 <para><application>sendmail</application> has been updated to
1493 version 8.14.4.</para>
1495 <para>The timezone database has been updated to the
1496 <application>tzdata2010j</application> release.</para>
1500 <title>Release Engineering and Integration</title>
1502 <para>The filename of ISO images for &os; releases now has a
1503 <filename>FreeBSD-</filename> at the beginning.</para>
1505 <para>The supported version of
1506 the <application>GNOME</application> desktop environment
1507 (<filename role="package">x11/gnome2</filename>) has been
1508 updated to 2.28.2.</para>
1510 <para>The supported version of
1511 the <application>KDE</application> desktop environment
1512 (<filename role="package">x11/kde4</filename>) has been
1513 updated to 4.4.3.</para>
1517 <sect1 id="upgrade">
1518 <title>Upgrading from previous releases of &os;</title>
1520 <para arch="amd64,i386">Upgrades between RELEASE versions (and
1521 snapshots of the various security branches) are supported using
1522 the &man.freebsd-update.8; utility. The binary upgrade
1523 procedure will update unmodified userland utilities, as well as
1524 unmodified GENERIC kernel distributed as a part of an
1525 official &os; release. The &man.freebsd-update.8; utility
1526 requires that the host being upgraded has Internet
1527 connectivity.</para>
1529 <para>An older form of binary upgrade is supported through the
1530 <command>Upgrade</command> option from the main
1531 &man.sysinstall.8; menu on CDROM distribution media. This type
1532 of binary upgrade may be useful on non-&arch.i386;,
1533 non-&arch.amd64; machines or on systems with no Internet
1534 connectivity.</para>
1536 <para>Source-based upgrades (those based on recompiling the &os;
1537 base system from source code) from previous versions are
1538 supported, according to the instructions in
1539 <filename>/usr/src/UPDATING</filename>.</para>
1542 <para>Upgrading &os; should, of course, only be attempted after
1543 backing up <emphasis>all</emphasis> data and configuration