release/doc/en_US.ISO8859-1/relnotes/article.sgml

   1 <!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
   2 <!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
   3 %articles.ent;
   4
   5 <!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
   6 %release;
   7 ]>
   8
   9 <article>
  10 <articleinfo>
  11   <title>&os; &release.current; Release Notes</title>
  12
  13   <corpauthor>The &os; Project</corpauthor>
  14
  15   <pubdate>$FreeBSD$</pubdate>
  16
  17   <copyright>
  18     <year>2010</year>
  19     <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
  20   </copyright>
  21
  22   <legalnotice id="trademarks" role="trademarks">
  23     &tm-attrib.freebsd;
  24     &tm-attrib.ibm;
  25     &tm-attrib.ieee;
  26     &tm-attrib.intel;
  27     &tm-attrib.sparc;
  28     &tm-attrib.general;
  29   </legalnotice>
  30
  31   <abstract>
  32     <para>The release notes for &os; &release.current; contain a summary
  33       of the changes made to the &os; base system on the
  34       &release.branch; development line.
  35       This document lists applicable security advisories that were issued since
  36       the last release, as well as significant changes to the &os;
  37       kernel and userland.
  38       Some brief remarks on upgrading are also presented.</para>
  39   </abstract>
  40 </articleinfo>
  41
  42 <sect1 id="intro">
  43   <title>Introduction</title>
  44
  45   <para>This document contains the release notes for &os;
  46     &release.current;.  It
  47     describes recently added, changed, or deleted features of &os;.
  48     It also provides some notes on upgrading
  49     from previous versions of &os;.</para>
  50
  51 <![ %release.type.current [
  52
  53   <para>The &release.type; distribution to which these release notes
  54     apply represents the latest point along the &release.branch; development
  55     branch since &release.branch; was created.  Information regarding pre-built, binary
  56     &release.type; distributions along this branch
  57     can be found at <ulink url="&release.url;"></ulink>.</para>
  58
  59 ]]>
  60
  61 <![ %release.type.snapshot [
  62
  63   <para>The &release.type; distribution to which these release notes
  64     apply represents a point along the &release.branch; development
  65     branch between &release.prev; and the future &release.next;.
  66     Information regarding
  67     pre-built, binary &release.type; distributions along this branch
  68     can be found at <ulink url="&release.url;"></ulink>.</para>
  69
  70 ]]>
  71
  72 <![ %release.type.release [
  73
  74   <para>This distribution of &os; &release.current; is a
  75     &release.type; distribution.  It can be found at <ulink
  76     url="&release.url;"></ulink> or any of its mirrors.  More
  77     information on obtaining this (or other) &release.type;
  78     distributions of &os; can be found in the <ulink
  79     url="&url.books.handbook;/mirrors.html"><quote>Obtaining
  80     &os;</quote> appendix</ulink> to the <ulink
  81     url="&url.books.handbook;/">&os;
  82     Handbook</ulink>.</para>
  83
  84 ]]>
  85
  86   <para>All users are encouraged to consult the release errata before
  87     installing &os;.  The errata document is updated with
  88     <quote>late-breaking</quote> information discovered late in the
  89     release cycle or after the release.  Typically, it contains
  90     information on known bugs, security advisories, and corrections to
  91     documentation.  An up-to-date copy of the errata for &os;
  92     &release.current; can be found on the &os; Web site.</para>
  93
  94 </sect1>
  95
  96   <sect1 id="new">
  97     <title>What's New</title>
  98
  99     <para>This section describes the most user-visible new or changed
 100       features in &os; since &release.prev;.</para>
 101
 102     <para>Typical release note items document recent security
 103       advisories issued after &release.prev;, new drivers or hardware
 104       support, new commands or options, major bug fixes, or
 105       contributed software upgrades.  They may also list changes to
 106       major ports/packages or release engineering practices.  Clearly
 107       the release notes cannot list every single change made to &os;
 108       between releases; this document focuses primarily on security
 109       advisories, user-visible changes, and major architectural
 110       improvements.</para>
 111
 112     <sect2 id="security">
 113       <title>Security Advisories</title>
 114
 115       <para>Problems described in the following security advisories have
 116         been fixed.  For more information, consult the individual
 117         advisories available from
 118         <ulink url="http://security.FreeBSD.org/"></ulink>.</para>
 119
 120       <informaltable frame="none" pgwide="0">
 121         <tgroup cols="3">
 122           <colspec colwidth="1*">
 123           <colspec colwidth="1*">
 124           <colspec colwidth="3*">
 125             <thead>
 126               <row>
 127                 <entry>Advisory</entry>
 128                 <entry>Date</entry>
 129                 <entry>Topic</entry>
 130               </row>
 131             </thead>
 132
 133             <tbody>
 134               <row>
 135                 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc"
 136                               >SA-09:15.ssl</ulink></entry>
 137                 <entry>3&nbsp;Dec&nbsp;2009</entry>
 138                 <entry><para>SSL protocol flaw</para></entry>
 139               </row>
 140               <row>
 141                 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:16.rtld.asc"
 142                               >SA-09:16.rtld</ulink></entry>
 143                 <entry>3&nbsp;Dec&nbsp;2009</entry>
 144                 <entry><para>Improper environment sanitization in &man.rtld.1;</para></entry>
 145               </row>
 146               <row>
 147                 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc"
 148                               >SA-09:17.freebsd-update</ulink></entry>
 149                 <entry>3&nbsp;Dec&nbsp;2009</entry>
 150                 <entry><para>Inappropriate directory permissions in &man.freebsd-update.8;</para></entry>
 151               </row>
 152               <row>
 153                 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:01.bind.asc"
 154                               >SA-10:01.bind</ulink></entry>
 155                 <entry>6&nbsp;Jan&nbsp;2010</entry>
 156                 <entry><para>BIND &man.named.8; cache poisoning with DNSSEC validation</para></entry>
 157               </row>
 158               <row>
 159                 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:02.ntpd.asc"
 160                               >SA-10:02.ntpd</ulink></entry>
 161                 <entry>6&nbsp;Jan&nbsp;2010</entry>
 162                 <entry><para>ntpd mode 7 denial of service</para></entry>
 163               </row>
 164               <row>
 165                 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:03.zfs.asc"
 166                               >SA-10:03.zfs</ulink></entry>
 167                 <entry>6&nbsp;Jan&nbsp;2010</entry>
 168                 <entry><para>ZFS ZIL playback with insecure permissions</para></entry>
 169               </row>
 170               <row>
 171                 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc"
 172                               >SA-10:04.jail</ulink></entry>
 173                 <entry>27&nbsp;May&nbsp;2010</entry>
 174                 <entry><para>Insufficient environment sanitization in &man.jail.8;</para></entry>
 175               </row>
 176               <row>
 177                 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc"
 178                               >SA-10:05.opie</ulink></entry>
 179                 <entry>27&nbsp;May&nbsp;2010</entry>
 180                 <entry><para>OPIE off-by-one stack overflow</para></entry>
 181               </row>
 182               <row>
 183                 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc"
 184                               >SA-10:06.nfsclient</ulink></entry>
 185                 <entry>27&nbsp;May&nbsp;2010</entry>
 186                 <entry><para>Unvalidated input in nfsclient</para></entry>
 187               </row>
 188               <row>
 189                 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc"
 190                               >SA-10:07.mbuf</ulink></entry>
 191                 <entry>13&nbsp;July&nbsp;2010</entry>
 192                 <entry><para>Lost mbuf flag resulting in data corruption</para></entry>
 193               </row>
 194             </tbody>
 195         </tgroup>
 196       </informaltable>
 197     </sect2>
 198
 199     <sect2 id="kernel">
 200       <title>Kernel Changes</title>
 201
 202       <para></para>
 203
 204       <para>The <command>show mount</command> command in the
 205         &man.ddb.4; debugger now prints active string mount
 206         options.</para>
 207
 208       <para>Two commands to enable/disable read-ahead has been added
 209         to &man.fcntl.2; system call:</para>
 210
 211       <itemizedlist>
 212         <listitem>
 213           <para><varname>F_READAHEAD</varname> specifies the amount
 214             for sequential access.  The amount is specified in bytes and is
 215             rounded up to nearest block size.</para>
 216         </listitem>
 217
 218         <listitem>
 219           <para><varname>F_RDAHEAD</varname> is a Darwin compatible
 220             version that use 128KB as the sequential access
 221             size.</para>
 222         </listitem>
 223       </itemizedlist>
 224
 225       <para>Note that the read-ahead amount is also constrainted by
 226         sysctl variable <varname>vfs.read_max</varname>, which may
 227         need to be raised in order to better utilize this
 228         feature.</para>
 229
 230       <para>The &man.lindev.4; driver has been added.  This is for
 231         supporting various linux-specific pseudo devices such as
 232         <filename>/dev/full</filename>.  Note that this is not
 233         included in <filename>GENERIC</filename> kernel.</para>
 234
 235       <para>New SDT (Statically Defined Tracing) probes such as ones
 236         for opencrypto have been added to &os; &man.dtrace.1;
 237         subsystem.</para>
 238
 239       <para arch="powerpc">&os; now supports SMP in PowerPC G5
 240         systems.  Note that SMP support is disabled by default in
 241         <filename>GENERIC</filename> kernel.</para>
 242
 243       <para>A bug in the &man.sched.ule.4; scheduler which prevented
 244         process usage (<literal>%CPU</literal>) from working correctly
 245         has been fixed.</para>
 246
 247       <para>The VIMAGE &man.jail.8; virtualization container can work
 248         with &man.sctp.4; now.  Note that the VIMAGE is not enabled by
 249         default in <filename>GENERIC</filename> kernel.</para>
 250
 251       <sect3 id="boot">
 252         <title>Boot Loader Changes</title>
 253
 254         <para>A kernel environment variable
 255           <varname>vfs.root.mountfrom</varname> now supports
 256           multiple elements for root file system in a space-separated
 257           list.  Each list element will be tried in order and the
 258           first available one will be mounted.</para>
 259
 260         <para arch="i386">The algorithm the &man.loader.8; uses has
 261           been improved to choose a memory range for its heap when
 262           using a range above 1MB.  This fixes a symptom that the
 263           loader fails to load a kernel.</para>
 264
 265         <para>The <filename>zfsloader</filename> has been added.  This
 266           is a separate &man.zfs.8; enabled loader.  Note that a ZFS
 267           bootcode (<filename>zfsboot</filename> or
 268           <filename>gptzfsboot</filename>) need to be installed
 269           to use this new loader.</para>
 270
 271         <para>The <filename>zfsboot</filename> and
 272           <filename>gptzfsboot</filename> bootcode now fully support
 273           64-bit LBAs for disk addresses.  This allows booting from
 274           large volumes.</para>
 275
 276         <para></para>
 277       </sect3>
 278
 279       <sect3 id="proc">
 280         <title>Hardware Support</title>
 281
 282         <para arch="powerpc">The <filename>adb</filename> driver now
 283           supports for interpreting taps on ADB touchpads as a button
 284           click.</para>
 285
 286         <para arch="powerpc">The <filename>apt</filename> driver for
 287           the Apple Touchpad present on MacBook has been added to
 288           <filename>GENERIC</filename> kernel.</para>
 289
 290         <para>The &man.uart.4; driver now supports NetMos NM9865
 291           family of Serial/Parallel ports.</para>
 292
 293         <sect4 id="mm">
 294           <title>Multimedia Support</title>
 295
 296           <para></para>
 297         </sect4>
 298
 299         <sect4 id="net-if">
 300           <title>Network Interface Support</title>
 301
 302           <para></para>
 303
 304           <para>The &man.bge.4; driver now supports 5761, 5784, and
 305             57780-based devices.</para>
 306
 307           <para>The &man.cxgb.4; driver has been updated to T3
 308             firmware 7.8.0.</para>
 309
 310           <para>The &man.msk.4; driver now supports Marvell Yukon
 311             88E8042, 88E8057 devices and DGE-560SX (Yukon XL).</para>
 312
 313           <para>The &man.re.4; driver no longer performs an
 314             unnecessary interface up/down during getting IP address
 315             via DHCP.</para>
 316
 317           <para>The tsec(4) driver now supports &man.altq.4;.</para>
 318
 319           <para>The &man.urtw.4; driver has been improved and now
 320             supports RTL8187B-based devices.</para>
 321         </sect4>
 322       </sect3>
 323
 324       <sect3 id="net-proto">
 325         <title>Network Protocols</title>
 326
 327         <para></para>
 328
 329         <para>IPcomp (IP Payload Compression Protocol defined in RFC
 330           2393) protocol is now enabled by default.  Note that this
 331           requires <option>option IPSEC</option> in the kernel
 332           configuration file and <filename>GENERIC</filename> kernel
 333           does not include it.  This functionality can be disabled by
 334           using a sysctl variable
 335           <varname>net.inet.ipcomp.ipcomp_enable</varname>.</para>
 336
 337         <para>IPv6 sockets in Linux emulation environment are
 338           unconditionally set as <varname>IPV6_V6ONLY</varname>
 339           regardless of <varname>net.inet6.ip6.v6only</varname> sysctl
 340           variable.</para>
 341       </sect3>
 342
 343       <sect3 id="disks">
 344         <title>Disks and Storage</title>
 345
 346         <para></para>
 347
 348         <para>The &man.gmirror.8; utility now supports
 349           <command>configure <option>-p</option>
 350             <replaceable>priority</replaceable></command> command to
 351           change the providers priority.</para>
 352
 353         <para>The balancing mode algorithm <literal>load</literal>
 354           used in the &man.gmirror.8; utility has been changed and it
 355           is now the default one instead of
 356           <literal>split</literal>:</para>
 357
 358         <itemizedlist>
 359           <listitem>
 360             <para>Instead of measuring last request execution time for
 361               each drive and choosing one with smallest time, use
 362               averaged number of requests, running on each drive. This
 363               information is more accurate and timely. It allows to
 364               distribute load between drives in more even and
 365               predictable way.</para>
 366           </listitem>
 367
 368           <listitem>
 369             <para>For each drive track offset of the last submitted
 370               request. If new request offset matches previous one or
 371               close for some drive, prefer that drive.  It allows to
 372               significantly speedup simultaneous sequential reads.</para>
 373           </listitem>
 374         </itemizedlist>
 375
 376         <para>A new kernel option <option>option ATA_CAM</option> has
 377           been added.  This turns &man.ata.4; controller drivers into
 378           &man.cam.4; interface modules.  When enabled, this option
 379           deprecates all &man.ata.4; peripheral drivers and interfaces
 380           such as <filename>ad</filename> and
 381           <filename>acd</filename>, and allows &man.cam.4; drivers
 382           <filename>ada</filename>, and <filename>cd</filename> and
 383           interfaces to be natively used instead.  Note that this is
 384           not enabled by default in the <filename>GENERIC</filename>
 385           kernel.</para>
 386
 387         <para>A bug in the &man.ata.4; driver which can lead to
 388           interrupt storms and command timeouts.</para>
 389
 390         <para>USB mass storage device support in the &man.ata.4;
 391           driver has been removed.  Note that this was not used in
 392           <filename>GENERIC</filename> kernel and the &man.umass.4;
 393           driver supports such devices for a long time.</para>
 394
 395         <para>The &man.ahd.4; driver now supports three separated
 396           error counters for correctable, uncorrectable, and fatal, in
 397           &man.sysctl.8; MIB.</para>
 398
 399         <para>SATA and PATA support of &os; &man.cam.3; SCSI framework
 400           has been improved and it now recognizes more detail device
 401           capabilities.  For example, the &man.ahci.4; and
 402           &man.siis.4; driver now reports maximum tag number to the
 403           framework to optimize the NCQ handling.</para>
 404       </sect3>
 405
 406       <sect3 id="fs">
 407         <title>File Systems</title>
 408
 409         <para></para>
 410       </sect3>
 411     </sect2>
 412
 413     <sect2 id="userland">
 414       <title>Userland Changes</title>
 415
 416       <para>A bug in &man.bsnmpd.1; program which leads to high CPU
 417         consumption on a loaded system has been fixed.</para>
 418
 419       <para>A bug in &man.bzip2.1; utility which prevented it from
 420         working with multi-session bzip2 files.</para>
 421
 422       <para>A bug in &man.ee.1; utility which can crash the
 423         program has been fixed.</para>
 424
 425       <para>A bug in &man.factor.6; utility which leads to performance
 426         degradation has been fixed.</para>
 427
 428       <para>A bug in &man.fetch.1; utility which incorrectly evaluates
 429         a variable <varname>NO_PROXY</varname> has been fixed.</para>
 430
 431       <para>The &man.ifconfig.8; utility now supports manipulation of
 432         NDP flags handled by &man.ndp.8;.</para>
 433
 434       <para>The &man.ntpd.8; program no longer tries to bind to an
 435         IPv6 anycast address.</para>
 436
 437       <para>The &man.unifdef.1; utility has been updated to version
 438         1.188.  It now supports a new <option>-B</option> flag to
 439         compress blank lines around a deleted section to prevent blank
 440         lines around paragraphs of code from getting doubled.</para>
 441
 442       <para>A new errno <varname>ENOTCAPABLE</varname> has been added.
 443         This is to be returned when a process requests an operation on
 444         a file descriptor that is not authorized by the descriptor's
 445         capability flags.</para>
 446
 447       <sect3 id="rc-scripts">
 448         <title><filename>/etc/rc.d</filename> Scripts</title>
 449
 450         <para></para>
 451
 452         <para>A new <filename>rc.d</filename> script
 453           <filename>static_arp</filename> has been added.  This allows
 454           the administrator to statically define mappings of MAC
 455           address to IPv4 at boot time.  See also the &man.rc.conf.5;
 456           manual page for more details.</para>
 457       </sect3>
 458     </sect2>
 459
 460     <sect2 id="contrib">
 461       <title>Contributed Software</title>
 462
 463       <para></para>
 464
 465       <para><application>ISC BIND</application> has been updated to
 466         version 9.6.1-P2.</para>
 467 <!--
 468
 469       <para role="8.0">The <application>ACPI-CA</application> has been
 470         updated to 20090521.</para>
 471
 472       <para role="8.0">The <application>ee</application> (easy editor) has
 473         been updated to 1.5.0.  This version is now licensed under a
 474         2-clause BSD license, instead of the Artistic license.</para>
 475
 476       <para role="8.0">The <application>hostapd</application> has been updated to
 477         version 0.6.8 + radius ACL support.</para>
 478
 479       <para role="8.0">The <application>less</application> has been updated to
 480         version v436.</para>
 481
 482       <para role="8.0">The <filename>libarchive</filename> library has
 483         been updated to version 2.7.0.</para>
 484
 485       <para role="8.0">The <filename>libexpat</filename> library has
 486         been updated from version 1.95.5 to version 2.0.1.</para>
 487
 488       <para role="8.0">The <filename>ncurses</filename> library has been updated
 489         to version 5.7-20081102.</para>
 490
 491       <para role="8.0"><application>OpenBSM</application> 1.1 from
 492         Trusted BSD Project has been merged.</para>
 493
 494       <para role="8.0"><application>TCPDUMP</application> has been
 495         updated to 4.0.0.</para>
 496
 497       <para role="8.0">The timezone database has been updated
 498         to the <application>tzdata2009f</application> release.</para>
 499
 500       <para role="8.0"><application>wpa_supplicant</application> has been updated to
 501         version 0.6.8</para>
 502
 503       <para role="8.0">The <application>ZFS</application> file system
 504         has been updated from version 6 to version 13.</para>
 505
 506       <para role="7.1">The <application>am-utils</application> has been updated from
 507         version 6.0.10p1 to version 6.1.5.</para>
 508
 509       <para role="7.1">The <application>awk</application> has been updated from 1 May
 510         2007 release to the 23 October 2007 release.</para>
 511
 512       <para role="7.1">The <application>bzip2</application> has been updated from
 513         version 1.0.4 to version 1.0.5.</para>
 514
 515       <para role="7.1">The <application>CVS</application> has been updated to
 516         version 1.11.22.1.</para>
 517
 518       <para role="7.1"><application>NTP</application> has been updated to version
 519         4.2.4p5.</para>
 520
 521       <para role="7.1"><application>OpenPAM</application> has been updated from the
 522         Figwort release to the Hydrangea release.</para>
 523
 524       <para role="7.1"><application>OpenSSH</application> has been updated from
 525         version 4.5p1 to version 5.1p1.</para>
 526
 527       <para role="7.1">The &man.resolver.3; library has been updated to
 528         one of <application>ISC BIND</application> 9.4.3.</para>
 529
 530       <para role="7.1"><application>sendmail</application> has been updated from
 531         version 8.14.2 to version 8.14.4.</para>
 532 -->
 533     </sect2>
 534
 535     <sect2 id="ports">
 536       <title>Ports/Packages Collection Infrastructure</title>
 537
 538       <para></para>
 539     </sect2>
 540
 541     <sect2 id="releng">
 542       <title>Release Engineering and Integration</title>
 543
 544       <para>The supported version of
 545         the <application>GNOME</application> desktop environment
 546         (<filename role="package">x11/gnome2</filename>) has been
 547         updated to 2.28.2.</para>
 548
 549       <para>The supported version of
 550         the <application>KDE</application> desktop environment
 551         (<filename role="package">x11/kde4</filename>) has been
 552         updated to 4.4.3.</para>
 553     </sect2>
 554   </sect1>
 555
 556   <sect1 id="upgrade">
 557     <title>Upgrading from previous releases of &os;</title>
 558
 559     <para arch="amd64,i386">Upgrades between RELEASE versions (and
 560       snapshots of the various security branches) are supported using
 561       the &man.freebsd-update.8; utility.  The binary upgrade
 562       procedure will update unmodified userland utilities, as well as
 563       unmodified GENERIC kernel distributed as a part of an
 564       official &os; release.  The &man.freebsd-update.8; utility
 565       requires that the host being upgraded has Internet
 566       connectivity.</para>
 567
 568     <para>An older form of binary upgrade is supported through the
 569       <command>Upgrade</command> option from the main
 570       &man.sysinstall.8; menu on CDROM distribution media.  This type
 571       of binary upgrade may be useful on non-&arch.i386;,
 572       non-&arch.amd64; machines or on systems with no Internet
 573       connectivity.</para>
 574
 575     <para>Source-based upgrades (those based on recompiling the &os;
 576       base system from source code) from previous versions are
 577       supported, according to the instructions in
 578       <filename>/usr/src/UPDATING</filename>.</para>
 579
 580     <important>
 581       <para>Upgrading &os; should, of course, only be attempted after
 582         backing up <emphasis>all</emphasis> data and configuration
 583         files.</para>
 584     </important>
 585   </sect1>
 586 </article>