<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
<!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
<title>&os; &release.current; Release Notes</title>
<corpauthor>The &os; Project</corpauthor>
<pubdate>$FreeBSD$</pubdate>
<holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
<legalnotice id="trademarks" role="trademarks">
<para>The release notes for &os; &release.current; contain a summary
of the changes made to the &os; base system on the
&release.branch; development line.
This document lists applicable security advisories that were issued since
the last release, as well as significant changes to the &os;
Some brief remarks on upgrading are also presented.</para>
<title>Introduction</title>
<para>This document contains the release notes for &os;
describes recently added, changed, or deleted features of &os;.
It also provides some notes on upgrading
from previous versions of &os;.</para>
<![ %release.type.current [
<para>The &release.type; distribution to which these release notes
apply represents the latest point along the &release.branch; development
branch since &release.branch; was created. Information regarding pre-built, binary
&release.type; distributions along this branch
can be found at <ulink url="&release.url;"></ulink>.</para>
<![ %release.type.snapshot [
<para>The &release.type; distribution to which these release notes
apply represents a point along the &release.branch; development
branch between &release.prev; and the future &release.next;.
pre-built, binary &release.type; distributions along this branch
can be found at <ulink url="&release.url;"></ulink>.</para>
<![ %release.type.release [
<para>This distribution of &os; &release.current; is a
&release.type; distribution. It can be found at <ulink
url="&release.url;"></ulink> or any of its mirrors. More
information on obtaining this (or other) &release.type;
distributions of &os; can be found in the <ulink
url="&url.books.handbook;/mirrors.html"><quote>Obtaining
&os;</quote> appendix</ulink> to the <ulink
url="&url.books.handbook;/">&os;
Handbook</ulink>.</para>
<para>All users are encouraged to consult the release errata before
installing &os;. The errata document is updated with
<quote>late-breaking</quote> information discovered late in the
release cycle or after the release. Typically, it contains
information on known bugs, security advisories, and corrections to
documentation. An up-to-date copy of the errata for &os;
&release.current; can be found on the &os; Web site.</para>
<title>What's New</title>
<para>This section describes the most user-visible new or changed
features in &os; since &release.prev;.</para>
<para>Typical release note items document recent security
advisories issued after &release.prev;, new drivers or hardware
support, new commands or options, major bug fixes, or
contributed software upgrades. They may also list changes to
major ports/packages or release engineering practices. Clearly
the release notes cannot list every single change made to &os;
between releases; this document focuses primarily on security
advisories, user-visible changes, and major architectural
<sect2 id="security">
<title>Security Advisories</title>
<para>Problems described in the following security advisories have
been fixed. For more information, consult the individual
advisories available from
<ulink url="http://security.FreeBSD.org/"></ulink>.</para>
<informaltable frame="none" pgwide="0">
<colspec colwidth="1*">
<colspec colwidth="1*">
<colspec colwidth="3*">
<entry>Advisory</entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc"
>SA-09:15.ssl</ulink></entry>
<entry>3 Dec 2009</entry>
<entry><para>SSL protocol flaw</para></entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:16.rtld.asc"
>SA-09:16.rtld</ulink></entry>
<entry>3 Dec 2009</entry>
<entry><para>Improper environment sanitization in &man.rtld.1;</para></entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc"
>SA-09:17.freebsd-update</ulink></entry>
<entry>3 Dec 2009</entry>
<entry><para>Inappropriate directory permissions in &man.freebsd-update.8;</para></entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:01.bind.asc"
>SA-10:01.bind</ulink></entry>
<entry>6 Jan 2010</entry>
<entry><para>BIND &man.named.8; cache poisoning with DNSSEC validation</para></entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:02.ntpd.asc"
>SA-10:02.ntpd</ulink></entry>
<entry>6 Jan 2010</entry>
<entry><para>ntpd mode 7 denial of service</para></entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:03.zfs.asc"
>SA-10:03.zfs</ulink></entry>
<entry>6 Jan 2010</entry>
<entry><para>ZFS ZIL playback with insecure permissions</para></entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc"
>SA-10:04.jail</ulink></entry>
<entry>27 May 2010</entry>
<entry><para>Insufficient environment sanitization in &man.jail.8;</para></entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc"
>SA-10:05.opie</ulink></entry>
<entry>27 May 2010</entry>
<entry><para>OPIE off-by-one stack overflow</para></entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc"
>SA-10:06.nfsclient</ulink></entry>
<entry>27 May 2010</entry>
<entry><para>Unvalidated input in nfsclient</para></entry>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc"
>SA-10:07.mbuf</ulink></entry>
<entry>13 July 2010</entry>
<entry><para>Lost mbuf flag resulting in data corruption</para></entry>
<title>Kernel Changes</title>
<para>The <command>show mount</command> command in the
&man.ddb.4; debugger now prints active string mount
<para>Two commands to enable/disable read-ahead have been added
to the &man.fcntl.2; system call:</para>
<para><varname>F_READAHEAD</varname> specifies the amount
for sequential access. The amount is specified in bytes and is
rounded up to the nearest block size.</para>
<para><varname>F_RDAHEAD</varname> is a Darwin-compatible
version that uses 128KB as the sequential access
<para>Note that the read-ahead amount is also constrained by
the sysctl variable <varname>vfs.read_max</varname>, which may
need to be raised in order to better utilize this
<para>The &man.lindev.4; driver has been added. This is for
supporting various Linux-specific pseudo devices such as
<filename>/dev/full</filename>. Note that this is not
included in the <filename>GENERIC</filename> kernel.</para>
<para>New SDT (Statically Defined Tracing) probes such as ones
for opencrypto have been added to &os; &man.dtrace.1;
<para arch="powerpc">&os; now supports SMP on PowerPC G5
systems. Note that SMP support is disabled by default in
the <filename>GENERIC</filename> kernel.</para>
<para>A bug in the &man.sched.ule.4; scheduler which prevented
process usage (<literal>%CPU</literal>) from working correctly
has been fixed.</para>
<para>The VIMAGE &man.jail.8; virtualization container can work
with &man.sctp.4; now. Note that VIMAGE is not enabled by
default in the <filename>GENERIC</filename> kernel.</para>
<title>Boot Loader Changes</title>
<para>A kernel environment variable
<varname>vfs.root.mountfrom</varname> now supports
multiple elements for the root file system in a space-separated
list. Each list element will be tried in order and the
first available one will be mounted.</para>
<para arch="i386">The algorithm that &man.loader.8; uses to
choose a memory range for its heap when using a range above
1MB has been improved. This fixes a symptom where the
loader fails to load a kernel.</para>
<para>The <filename>zfsloader</filename> has been added. This
is a separate &man.zfs.8; enabled loader. Note that a ZFS
bootcode (<filename>zfsboot</filename> or
<filename>gptzfsboot</filename>) needs to be installed
to use this new loader.</para>
<para>The <filename>zfsboot</filename> and
<filename>gptzfsboot</filename> bootcode now fully support
64-bit LBAs for disk addresses. This allows booting from
large volumes.</para>
<title>Hardware Support</title>
<para arch="powerpc">The <filename>adb</filename> driver now
supports interpreting taps on ADB touchpads as a button
<para arch="powerpc">The <filename>apt</filename> driver for
the Apple Touchpad present on MacBook has been added to
the <filename>GENERIC</filename> kernel.</para>
<para>The &man.uart.4; driver now supports the NetMos NM9865
family of Serial/Parallel ports.</para>
<title>Multimedia Support</title>
<title>Network Interface Support</title>
<para>The &man.bge.4; driver now supports 5761, 5784, and
57780-based devices.</para>
<para>The &man.cxgb.4; driver has been updated to T3
firmware 7.8.0.</para>
<para>The &man.msk.4; driver now supports Marvell Yukon
88E8042, 88E8057 devices and DGE-560SX (Yukon XL).</para>
<para>The &man.re.4; driver no longer performs an
unnecessary interface up/down while getting an IP address
<para>The tsec(4) driver now supports &man.altq.4;.</para>
<para>The &man.urtw.4; driver has been improved and now
supports RTL8187B-based devices.</para>
<sect3 id="net-proto">
<title>Network Protocols</title>
<para>The IPcomp (IP Payload Compression Protocol, defined in RFC
2393) protocol is now enabled by default. Note that this
requires <option>option IPSEC</option> in the kernel
configuration file, and the <filename>GENERIC</filename> kernel
does not include it. This functionality can be disabled by
using the sysctl variable
<varname>net.inet.ipcomp.ipcomp_enable</varname>.</para>
<para>IPv6 sockets in the Linux emulation environment are
unconditionally set as <varname>IPV6_V6ONLY</varname>
regardless of the <varname>net.inet6.ip6.v6only</varname> sysctl
<title>Disks and Storage</title>
<para>The &man.gmirror.8; utility now supports the
<command>configure <option>-p</option>
<replaceable>priority</replaceable></command> command to
change the provider's priority.</para>
<para>The balancing mode algorithm <literal>load</literal>
used in the &man.gmirror.8; utility has been changed and it
is now the default one instead of
<literal>split</literal>:</para>
<para>Instead of measuring the last request execution time for
each drive and choosing the one with the smallest time, it uses
the averaged number of requests running on each drive. This
information is more accurate and timely. It allows load to be
distributed between drives in a more even and
predictable way.</para>
<para>For each drive, it tracks the offset of the last submitted
request. If a new request's offset matches the previous one, or
is close to it, for some drive, that drive is preferred. This
significantly speeds up simultaneous sequential reads.</para>
<para>A new kernel option <option>option ATA_CAM</option> has
been added. This turns &man.ata.4; controller drivers into
&man.cam.4; interface modules. When enabled, this option
deprecates all &man.ata.4; peripheral drivers and interfaces
such as <filename>ad</filename> and
<filename>acd</filename>, and allows the &man.cam.4; drivers
<filename>ada</filename> and <filename>cd</filename> and
interfaces to be used natively instead. Note that this is
not enabled by default in the <filename>GENERIC</filename>
<para>A bug in the &man.ata.4; driver which can lead to
interrupt storms and command timeouts has been fixed.</para>
<para>USB mass storage device support in the &man.ata.4;
driver has been removed. Note that this was not used in
the <filename>GENERIC</filename> kernel and the &man.umass.4;
driver has supported such devices for a long time.</para>
<para>The &man.ahd.4; driver now supports three separate
error counters, for correctable, uncorrectable, and fatal
errors, in the &man.sysctl.8; MIB.</para>
<para>SATA and PATA support in the &os; &man.cam.3; SCSI framework
has been improved, and it now recognizes more detailed device
capabilities. For example, the &man.ahci.4; and
&man.siis.4; drivers now report the maximum tag number to the
framework to optimize NCQ handling.</para>
<title>File Systems</title>
<sect2 id="userland">
<title>Userland Changes</title>
<para>A bug in the &man.bsnmpd.1; program which leads to high CPU
consumption on a loaded system has been fixed.</para>
<para>A bug in the &man.bzip2.1; utility which prevented it from
working with multi-session bzip2 files has been fixed.</para>
<para>A bug in the &man.ee.1; utility which can crash the
program has been fixed.</para>
<para>A bug in the &man.factor.6; utility which leads to performance
degradation has been fixed.</para>
<para>A bug in the &man.fetch.1; utility which incorrectly evaluates
the variable <varname>NO_PROXY</varname> has been fixed.</para>
<para>The &man.ifconfig.8; utility now supports manipulation of
NDP flags handled by &man.ndp.8;.</para>
<para>The &man.ntpd.8; program no longer tries to bind to an
IPv6 anycast address.</para>
<para>The &man.unifdef.1; utility has been updated to version
1.188. It now supports a new <option>-B</option> flag to
compress blank lines around a deleted section to prevent blank
lines around paragraphs of code from getting doubled.</para>
<para>A new errno <varname>ENOTCAPABLE</varname> has been added.
This is to be returned when a process requests an operation on
a file descriptor that is not authorized by the descriptor's
capability flags.</para>
<sect3 id="rc-scripts">
<title><filename>/etc/rc.d</filename> Scripts</title>
<para>A new <filename>rc.d</filename> script
<filename>static_arp</filename> has been added. This allows
the administrator to statically define mappings of MAC
addresses to IPv4 addresses at boot time. See also the &man.rc.conf.5;
manual page for more details.</para>
<title>Contributed Software</title>
<para><application>ISC BIND</application> has been updated to
version 9.6.1-P2.</para>
<para role="8.0">The <application>ACPI-CA</application> has been
updated to 20090521.</para>
<para role="8.0">The <application>ee</application> (easy editor) has
been updated to 1.5.0. This version is now licensed under a
2-clause BSD license, instead of the Artistic license.</para>
<para role="8.0">The <application>hostapd</application> has been updated to
version 0.6.8 + RADIUS ACL support.</para>
<para role="8.0">The <application>less</application> has been updated to
<para role="8.0">The <filename>libarchive</filename> library has
been updated to version 2.7.0.</para>
<para role="8.0">The <filename>libexpat</filename> library has
been updated from version 1.95.5 to version 2.0.1.</para>
<para role="8.0">The <filename>ncurses</filename> library has been updated
to version 5.7-20081102.</para>
<para role="8.0"><application>OpenBSM</application> 1.1 from
the TrustedBSD Project has been merged.</para>
<para role="8.0"><application>TCPDUMP</application> has been
updated to 4.0.0.</para>
<para role="8.0">The timezone database has been updated
to the <application>tzdata2009f</application> release.</para>
<para role="8.0"><application>wpa_supplicant</application> has been updated to
<para role="8.0">The <application>ZFS</application> file system
has been updated from version 6 to version 13.</para>
<para role="7.1">The <application>am-utils</application> has been updated from
version 6.0.10p1 to version 6.1.5.</para>
<para role="7.1">The <application>awk</application> has been updated from 1 May
2007 release to the 23 October 2007 release.</para>
<para role="7.1">The <application>bzip2</application> has been updated from
version 1.0.4 to version 1.0.5.</para>
<para role="7.1">The <application>CVS</application> has been updated to
version 1.11.22.1.</para>
<para role="7.1"><application>NTP</application> has been updated to version
<para role="7.1"><application>OpenPAM</application> has been updated from the
Figwort release to the Hydrangea release.</para>
<para role="7.1"><application>OpenSSH</application> has been updated from
version 4.5p1 to version 5.1p1.</para>
<para role="7.1">The &man.resolver.3; library has been updated to
the one from <application>ISC BIND</application> 9.4.3.</para>
<para role="7.1"><application>sendmail</application> has been updated from
version 8.14.2 to version 8.14.4.</para>
<title>Ports/Packages Collection Infrastructure</title>
<title>Release Engineering and Integration</title>
<para>The supported version of
the <application>GNOME</application> desktop environment
(<filename role="package">x11/gnome2</filename>) has been
updated to 2.28.2.</para>
<para>The supported version of
the <application>KDE</application> desktop environment
(<filename role="package">x11/kde4</filename>) has been
updated to 4.4.3.</para>
<title>Upgrading from previous releases of &os;</title>
<para arch="amd64,i386">Upgrades between RELEASE versions (and
snapshots of the various security branches) are supported using
the &man.freebsd-update.8; utility. The binary upgrade
procedure will update unmodified userland utilities, as well as
the unmodified GENERIC kernel distributed as a part of an
official &os; release. The &man.freebsd-update.8; utility
requires that the host being upgraded has Internet
<para>An older form of binary upgrade is supported through the
<command>Upgrade</command> option from the main
&man.sysinstall.8; menu on CDROM distribution media. This type
of binary upgrade may be useful on non-&arch.i386;,
non-&arch.amd64; machines or on systems with no Internet
<para>Source-based upgrades (those based on recompiling the &os;
base system from source code) from previous versions are
supported, according to the instructions in
<filename>/usr/src/UPDATING</filename>.</para>
<para>Upgrading &os; should, of course, only be attempted after
backing up <emphasis>all</emphasis> data and configuration