&os; &release.current; Release Notes

&os; &release.current; Release Notes The &os; Project $FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.xml 241096 2012-10-01 11:26:49Z gabor $ 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 The &os; Documentation Project &tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general; The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system on the &release.branch; development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented. Introduction This document contains the release notes for &os; &release.current;. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;. The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook. ]]> All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site. What's New This section describes the most user-visible new or changed features in &os; since &release.prev;. In general, changes described here are unique to the &release.branch; branch unless specifically marked as &merged; features. Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. Security Advisories Kernel Changes A new &man.cpuset.2; API has been added for thread to CPU binding and CPU resource grouping and assignment. The &man.cpuset.1; userland utility has been added to allow manipulation of processor sets. The &man.ddb.4; kernel debugger now has an output capture facility. Input and output from &man.ddb.4; can now be captured to a memory buffer for later inspection using &man.sysctl.8; or a textdump. The new capture command controls this feature. The &man.ddb.4; debugger now supports a simple scripting facility, which supports a set of named scripts consisting of a set of &man.ddb.4; commands. These commands can be managed from within &man.ddb.4; or with the use of the new &man.ddb.8; utility. More details can be found in the &man.ddb.4; manual page. The kernel now supports a new textdump format of kernel dumps. A textdump provides higher-level information via mechanically generated/extracted debugging output, rather than a simple memory dump. This facility can be used to generate brief kernel bug reports that are rich in debugging information, but are not dependent on kernel symbol tables or precisely synchronized source code. More information can be found in the &man.textdump.4; manual page. Kernel support for M:N threading has been removed. While the KSE (Kernel Scheduled Entities) project was quite successful in bringing threading to FreeBSD, the M:N approach taken by the KSE library was never developed to its full potential. Backwards compatibility for applications using KSE threading will be provided via &man.libmap.conf.5; for dynamically linked binaries. The &os; Project greatly appreciates the work of &a.julian;, &a.deischen;, and &a.davidxu; on KSE support. The &os; kernel now exports information about certain kernel features via the kern.features sysctl tree. The &man.feature.present.3; library call provides a convenient interface for user applications to test the presence of features. The &os; kernel now has support for large memory page mappings (superpages). The ULE scheduler is now the default process scheduler in GENERIC kernels. Boot Loader Changes The BTX kernel used by the boot loader has been changed to invoke BIOS routines from real mode. This change makes it possible to boot &os; from USB devices. A new gptboot boot loader has been added to support booting from a GPT labeled disk. A new boot command has been added to &man.gpt.8;, which makes a GPT disk bootable by writing the required bits of the boot loader, creating a new boot partition if required. Hardware Support The &man.cmx.4; driver, a driver for Omnikey CardMan 4040 PCMCIA smartcard readers, has been added. The &man.syscons.4; driver now supports Colemak keyboard layout. The &man.uslcom.4; driver, a driver for Silicon Laboratories CP2101/CP2102-based USB serial adapters, has been imported from OpenBSD. Multimedia Support Network Interface Support The &man.ale.4; driver has been added to provide support for Atheros AR8121/AR8113/AR8114 Gigabit/Fast Ethernet controllers. The &man.em.4; driver has been split into two drivers with some common parts. The &man.em.4; driver will continue to support adapters up to the 82575, as well as new client/desktop adapters. A new &man.igb.4; driver will support new server adapters. The &man.jme.4; driver has been added to provide support for PCIe network adapters based on JMicron JMC250 Gigabit Ethernet and JMC260 Fast Ethernet controllers. The &man.malo.4; driver has been added to provide support for Marvell Libertas 88W8335 based PCI network adapters. The firmware for the &man.mxge.4; driver has been updated from 1.4.25 to 1.4.29. The &man.sf.4; driver has been overhauled to improve its performance and to add support for checksum offloading. It should also work on all architectures. The &man.re.4; driver has been overhauled to fix a number of issues. This driver now has Wake On LAN (WOL) support. The &man.vr.4; driver has been overhauled to fix a number of outstanding issues. It also now works on all architectures. The &man.wpi.4; driver has been updated to include a number of stability fixes. Network Protocols The &man.bpf.4; packet filter and capture facility now supports a zero-copy mode of operation, in which buffers are loaned from a user process to the kernel. This feature can be enabled by setting the net.bpf.zerocopy_enable sysctl variable to 1. ISDN4BSD(I4B), netatm, and all related subsystems have been removed due to lack of multi-processor support. A bug in TCP options padding, where the wrong padding bytes were used, has been fixed. The IEEE 802.11s element identifiers have been updated to reflect the final version of the amendment. This update breaks compatibility with older mesh setups but is necessary as the previous IDs are used by another amendment leading to unexpected results when trying to associate with an accesspoint using the affected IDs. Disks and Storage The &man.aac.4; driver now supports volumes larger than 2TB in size. The &man.ata.4; driver now supports a spindown command for disks; after a configurable amount of time, if no requests have been received for a disk, the disk will be spun down until the next request. The &man.atacontrol.8; utility now supports a spindown command to configure this feature. The &man.hptrr.4; driver has been updated to version 1.2 from Highpoint. File Systems A problem with using &man.mmap.2; on ZFS filesystems has been fixed. A new kernel-mode NFS lock manager has been added, improving performance and behavior of NFS locking. A new &man.clear.locks.8; command has been added to clear locks held on behalf of an NFS client. The ZFS file system has been upgraded to version 28. Changes include Data Deduplication, Triple parity RAIDZ, and zfs diff. Userland Changes The &man.adduser.8; utility now supports a option to set the mode of a new user's home directory. BSD-licensed versions of &man.ar.1; and &man.ranlib.1;, based on libarchive, have replaced the GNU Binutils versions of these utilities. BSD-licensed versions of &man.bc.1; and &man.dc.1; have replaced their GNU counterparts. &man.chflags.1; now supports a flag for verbose output and a flag to ignore errors with the same semantics as (for example) &man.chmod.1;. For compatibility with other implementations, &man.cp.1; now supports a flag, which is equivalent to specifying the flags. BSD-licensed version of &man.cpio.1; based on libarchive, has replaced the GNU cpio. Note that the GNU cpio is still installed as gcpio. The &man.env.1; program now supports which will completely unset the given variable name by removing it from the environment, instead of just setting it to a null value. The &man.fdopendir.3; library function has been added. The &man.fetch.3; library now support HTTP 1.1 If-Modified-Since behavior. The &man.fetch.1; program now supports which will only download the specified HTTP URL if the content is newer than filename. &man.find.1; has been enhanced by the addition of a number of primaries that were present in GNU find but not &os; &man.find.1;. &man.kgdb.1; now supports a new add-kld command to make it easier to debug crash dumps with kernel modules. The &man.ls.1; program now supports a option to specify a date format string to be used with the long format () output. &man.nc.1; now supports a switch to disable the use of TCP options. &man.nc.1;'s switch has been deprecated. It will be removed in a future release. The &man.ping6.8; utility now returns 2 when the packet transmission was successful but no responses were received (this is the same behavior as &man.ping.8;). It returned a non-zero value before this change. The &man.procstat.1; utility has been added to display detailed information about processes. The &man.realpath.1; utility now supports a flag to suppress warnings; it now also accepts multiple paths on its command line. &man.sh.1; has many bug fixes, some new features, and will now refuse to parse some invalid scripts. Additionally, it now has filename completion and defaults to the "emacs" editing mode. The &man.split.1; utility now supports a flag to split a file into a certain number of chunks. The &man.tar.1; utility now supports a flag to enable &man.compress.1;-style compression/decompression. The &man.tar.1; utility now supports a flag to ignore user/group names on create and extract. The &man.tar.1; utility now supports an flag to sparsify files on extraction. The &man.tar.1; utility now supports a flag to substitute filenames based on the specified regular expression. The &man.tcgetsid.3; library function has been added to return the process group ID for the session leader for the controlling terminal. It is defined in IEEE Std 1003.1-2001 (POSIX). &man.top.1; now supports a flag to provide per-CPU usage statistics. &man.zdump.8; is now working properly on 64 bit architectures. &man.traceroute.8; now has the ability to print the AS number for each hop with the new switch; a new option allows selecting a particular WHOIS server. &man.traceroute6.8; now supports a flag to send probe packets with no upper-layer protocol, rather than the usual UDP probe packets. <filename>/etc/rc.d</filename> Scripts Contributed Software AMD has been updated from 6.0.10 to 6.1.5. awk has been updated from 1 May 2007 release to the 23 October 2007 release. bzip2 has been updated from 1.0.4 to 1.0.5. CVS has been updated from 1.11.17 to a post-1.11.22 snapshot from 10 March 2008. FILE has been updated from 4.23 to 5.03. hostapd has been updated from 0.5.8 to 0.5.10. IPFilter has been updated from 4.1.23 to 4.1.28. less has been updated from v408 to v429. ncurses has been updated from 5.6-20061217 to 5.6-20080503. OpenSSH has been updated from 4.5p1 to 5.1p1. OpenPAM has been updated from the Figwort release to the Hydrangea release. sendmail has been updated from 8.14.1 to 8.14.5. The timezone database has been updated from the tzdata2008h release to the tzdata2009m release. The stdtime part of libc, &man.zdump.8 and &man.zic.8 have been updated from the tzcode2004a release to the tzcode2009h release. If you have upgraded from source or via the &man.freebsd-update.8, then please run &man.tzsetup.8 to install a new /etc/localtime. WPA Supplicant has been updated from 0.5.8 to 0.5.10. xz has been updated from snapshot as of 12 April 2010 to 5.0.0. Ports/Packages Collection Infrastructure The &man.pkg.create.1; utility now supports . When this option is specified and a package tarball exists, it will not be overwritten. This is useful when multiple packages are saved with several consecutive runs of &man.pkg.create.1; with the options. The pkg_sign and pkg_check utilities for cryptographically signing &os; packages have been removed. They were only useful for packages compressed using &man.gzip.1;; however &man.bzip2.1; compression has been the norm for some time now. Release Engineering and Integration The supported version of the GNOME desktop environment (x11/gnome2) has been updated from 2.20.1 to 2.22. Documentation Upgrading from previous releases of &os; Beginning with &os; 6.2-RELEASE, binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the &man.freebsd-update.8; utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC or SMP kernels distributed as a part of an official &os; release. The &man.freebsd-update.8; utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the &os; base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING. Upgrading &os; should, of course, only be attempted after backing up all data and configuration files.

&os; &release.current; Release Notes The &os; Project $FreeBSD$ 2011 The &os; Documentation Project &tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general; The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system on the &release.branch; development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented. Introduction This document contains the release notes for &os; &release.current;. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;. The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook. ]]> All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site. What's New This section describes the most user-visible new or changed features in &os; since &release.prev;. Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. Security Advisories Problems described in the following security advisories have been fixed. For more information, consult the individual advisories available from . Advisory Date Topic SA-10:08.bzip2 20 September 2010 Integer overflow in bzip2 decompression SA-10:10.openssl 29 November 2010 OpenSSL multiple vulnerabilities Kernel Changes The maximum number of pages used for DMA bounce buffer pool has been increased from 256 to 1024. The default value of kern.hz has been increased from 100 to 1000. The SMP kernel now works on MPC7400-based Apple desktop machines such as PowerMac3,3. &os;/powerpc now supports DMA bounce buffer which is required on systems with larger RAM than 4GB. &os;/mips support has been improved. It now supports SMP on a SWARM with a dual-core Sibyte processor. &os;/mips now supports Netlogic Microsystems' XLR and XLS multi-core processor families. &os;/sparc64 now supports reservation-based physical memory allocation which provides better performance. &os;/amd64 now always sets the KVA space as equal to or larger than physical memory size. The default size was calculated based on one-third of the physical memory size by a code derived from one for i386. It has been changed because constraints for memory space are not severe on amd64 and this change would help to prevent a kmem_map too small panic which often occurs when using ZFS. CPU topology detection for Intel CPUs has been improved. ACPI suspend/resume functionality support has been improved. &os; kernel now supports kern_fpu_enter() and kern_fpu_leave() KPIs which allow the kernel subsystems to use XMM register files used in Intel SSE (Streaming SIMD Extensions). The &man.acpi.4; driver now uses ACPI Reset Register capability by default only when a flag in the FADT which indicates it is available. This behavior was controlled by a &man.sysctl.8; variable hw.acpi.handle_reboot and the default value was always set to 0. The &man.acpi.4; driver now supports new loader tunables hw.acpi.install_interface and hw.acpi.remove_interface. For more details, see &man.acpi.4; manual page. The &man.alq.9; support has been improved. The alq_writen() and alq_getn() KPIs have been extended to support variable length messages, which is enabled at ALQ creation time depending on the arguments passed to alq_open(). Also, the ALQ_NOACTIVATE and ALQ_ORDERED flags have been added to allow ALQ consumers to have more control over I/O scheduling and resource acquisition respectively. These extensions are fully backward compatible. The &man.alq.9; support is now provided as a kernel module alq.ko. The &man.ddb.8; kernel debugger now supports an optional delay in reset and reboot commands. This allows an administrator to break the system into debugger and trigger automatic textdump when an unattended panic occurs. The &man.ddb.8; kernel debugger now supports a show cdev command. This displays the list of all created cdev's, consisting of devfs node name and struct cdev address. The &os; GENERIC kernel is now compiled with and options. From 8.2-RELEASE the kernel supports displaying a stack trace on panic by using &man.stack.9; facility with no debugger backend like &man.ddb.8;. Note that this does not change the default behaviors of the GENERIC kernel on panic. The following &man.sysctl.8; variables are also now loader tunables: vm.kmem_size, vm.kmem_size_max, and vm.kmem_size_min, debug.kdb.stop_cpus, debug.trace_on_panic, and kern.sync_on_panic. Also, new &man.sysctl.8; variables vm.kmem_map_size for the current kmem map size and vm.kmem_map_free for largest contiguous free range in kmem map, vfs.ncsizefactor for size factor for namecache, and vfs.ncnegfactor for ratio of negative namecache entries have been added. The &os; &man.memguard.9; framework has been improved to make it able to detect use-after-free of allocated memories over a longer time. For more details, see &man.memguard.9; manual page. PT_LWPINFO request to obtain information about the kernel thread that caused the traced process to stop in the &man.ptrace.2; process tracing and debugging facility has been improved. It now reports system call entry and leave events, as well as availability of siginfo_t accompanying the reported signal. The &os; &man.crypto.4; framework (opencrypto) now supports XTS-AES (XEX-TCB-CTS, or XEX-based Tweaked Code Book mode with CipherText Stealing), which is defined in IEEE Std. 1619-2007. Xen HVM support in &os;/amd64 kernel has been improved. For more details, see &man.xen.4; manual page. The qpi(4) pseudo bus driver has been added. This supports extra PCI buses on Intel QPI chipsets where various hardware such as memory controllers for each socket is connected. Boot Loader Changes &os; now fully supports GPT (GUID Partition Table). Checksums of primary header and primary partition table are verified properly now. Memory management issues that prevented &os; OpenFirmware loader and netbooting from working have been fixed. The &man.pxeboot.8; now uses NFS version 3 instead of version 2 by default. Hardware Support The &man.aesni.4; driver has been added. This supports AES accelerator on Intel CPUs and accelerates AES operations for &man.crypto.4;. The &man.aibs.4; driver has been added. This supports the hardware sensors in ASUS motherboards and replaces the &man.acpi.aiboost.4; driver. The &man.coretemp.4; driver now supports Xeon 5500/5600 series. &os;/powerpc now supports the I2C bus in Apple System Management Unit. A device driver that supports CPU temperature sensors on PowerMac 11,2 has been added. The &man.ehci.4;, &man.ohci.4;, and &man.uhci.4; driver now support LOW speed BULK transfer mode. The &man.ichwd.4; driver now supports Intel NM10 Express chipset watchdog timer. The &man.tpm.4; driver, which supports Trusted Platform Module has been added. The xhci(4) driver, which supports Extensible Host Controller Interface (xHCI) and USB 3.0, has been added. Multimedia Support The &os; Linux emulation subsystem now supports the video4linux API. This requires native video4linux hardware drivers such as the ones provided by multimedia/pwcbsd and multimedia/webcamd. MIDI input buffer size in the &man.uaudio.4; driver has been changed. This fixes a problem where the input appears several seconds late. An issue in the &man.uaudio.4; driver that prevented some USB audio devices from working has been fixed. Network Interface Support The &man.alc.4; driver now supports Atheros AR8151/AR8152 PCIe Gigabit/Fast Ethernet controllers. A bug in the &man.alc.4; driver was fixed that could lead to a system freeze when the system was booted without a cable plugged in. This symptom was found in AR8132 on EEE PC. The TX interrupt moderation timer in the &man.alc.4; driver has been reduced from 50ms to 1ms. The 50ms timer resulted in a poor UDP performance. The &man.axe.4; driver has been improved for stability and better performance on the TX packet rate. The &man.bge.4; driver now supports BCM5718 x2 PCI Express dual-port gigabit Ethernet controller family. This family is the successor to the BCM5714/BCM5715 family and supports IPv4/IPv6 checksum offloading, TSO, VLAN hardware tagging, jumbo frames, MSI/MSIX, IOV, RSS and TSS. The current version of the driver supports all hardware features except IOV and RSS/TSS. A bug in the &man.bge.4; driver which prevented TSO from working in BCM57780 has been fixed. A bug in the &man.bge.4; driver that could wrongly disable the TX checksum offloading feature as well when one tries to disable only the RX checksum offloading has been fixed. Some improvements for reliability of the &man.bge.4; driver with BCM5906 controller has been made. The &man.bge.4; driver now supports hardware MAC statistics in controller's internal memory for BCM5705 or newer Broadcom controllers. These counters can be accessed via &man.sysctl.8; variable dev.bge.N.stats.* and provide useful information to diagnose driver issues. UDP checksum offloading in the &man.bge.4; driver has been disabled by default. This is because Broadcom controllers have a bug which can generate UDP datagrams with checksum value 0 when TX UDP checksum offloading is enabled. The checksum offloading can be enabled by using the following loader tunable: dev.bge.N.forced_udpcsum A bug in the &man.bge.4; driver that could lead to poor performance on a system with more than 4 GB RAM has been fixed. The cause was that all of Broadcom controllers except the BCM5755 and later have a bug in 4 GB-boundary DMA processing and used the bounce buffer in an inefficient way. The &man.bwi.4; driver, which supports Broadcom BCM430* and BCM431* family Wireless Ethernet controllers, has been added. This is not compiled into the GENERIC kernel because there are some problems. The kernel module if_bwi.ko is available and can be loaded without recompiling the kernel to enable this driver. A bug in the &man.bwn.4; driver that prevented WPA authentication from working has been fixed. A bug in the &man.cdce.4; driver has been fixed. The &man.cxgb.4; driver now supports the following new &man.sysctl.8; variables: hw.cxgb.nfilters sets the maximum number of entries in the hardware filter table, dev.cxgbc.N.pkt_timestamp provides packet timestamp instead of connection hash, and dev.cxgbc.N.core_clock provides the core clock frequency in kHz. The &man.em.4; driver has been updated to version 7.1.9. The &man.igb.4; driver has been updated to version 2.0.7. The &man.em.4; and &man.igb.4; drivers now provide statistics counters as &man.sysctl.8; MIB objects. The &man.em.4; and &man.igb.4; drivers now support the &man.led.4; interface via /dev/led/emN and /dev/led/igbN for identification LED control. The following command line makes the LED blink on em0: &prompt.root; echo f2 > /dev/led/em0 The &man.epair.4; virtual Ethernet interface driver now supports explicit UP/DOWN linkstate. This fixes an issue when it is used with the &man.carp.4; protocol. The &man.fxp.4; driver now supports TSO over VLAN on i82550 and i82551 controllers. The &man.iwn.4; driver now supports Intel Wireless WiFi Link 6000 series. The firmware has been updated to version 9.221.4.1. The &man.ixgbe.4; driver is now also provided as a kernel module. The &man.ixgbe.4; driver has been updated to version 2.3.8. It now supports 82599, better interrupt handling, hardware assist to LRO, VM SRIOV interface, and so on. The &man.miibus.4; has been rewritten for the generic IEEE 802.3 annex 31B full duplex flow control support. The &man.alc.4;, &man.bge.4;, &man.bce.4;, &man.cas.4;, &man.fxp.4;, &man.gem.4;, &man.jme.4;, &man.msk.4;, &man.nfe.4;, &man.re.4;, &man.stge.4;, and &man.xl.4; drivers along with atphy(4), bmtphy(4), brgphy(4), e1000phy(4), gentbi(4), inphy(4), ip1000phy(4), jmphy(4), nsgphy(4), nsphyter(4), and &man.rgephy.4; have been updated to support flow control via this facility. The &man.mwlfw.4; driver is now also provided as a kernel module. A bug in the &man.mxge.4; driver that prevented TSO from working has been fixed. The &man.nfe.4; driver now supports WoL (Wake on LAN). The &man.re.4; driver now supports 64-bit DMA addressing for RTL810xE/RTL8168/RTL8111 PCIe controllers. The &man.re.4; driver now supports hardware interrupt moderation of TX completion interrupts on RTL8169/RTL8168 controllers. The &man.rl.4; driver now supports WoL (Wake on LAN) on RTL8139B or newer controllers. The &man.rl.4; driver now supports reading hardware statistics counters by setting a &man.sysctl.8; variable dev.rl.N.stats to 1. The &man.rl.4; driver now supports a device hint to change a way of register access. Although some newer RTL8139 controllers support memory-mapped register access, it is difficult to detect the support automatically. For this reason the driver uses I/O mapping by default and provides the following device hint. If it is set to 0, the driver uses memory mapping for register access. hint.rl.N.prefer_iomap="0" Note that the default value is 1. The &man.rl.4; driver has improved interrupt handling. It now has better TX performance under high RX load. A bug in the &man.sk.4; driver has been fixed. It did not program the station address for Yukon controllers and overriding the station address with &man.ifconfig.8; was not possible. The &man.sk.4; driver now disables TX checksum offloading by default. This is because some revisions of the Yukon controller generate corrupted frames. The checksum offloading can be enabled manually by using option in the &man.ifconfig.8; utility. The &man.sis.4; driver now works on all supported platforms. Some stability and performance issues have also been fixed. The &man.sis.4; driver now supports WoL (Wake on LAN) on NS DP8315 controller. A tunable dev.sis.N.manual_pad for the &man.sis.4; driver has been added. This controls whether padding with 0x00 for short frames is done by CPU, rather than the controller. The reason why this tunable has been added is that NS DP83815/DP83816 pads them with 0xff though RFC 1042 specifies it should be 0x00. The tunable is disabled by default, which means padding with 0xff is used because padding with 0x00 by software needs extra CPU cycles. Enabling manual_pad, by setting this &man.sysctl.8; variable to a non-zero value, forces the use of software padding. The &man.ste.4; driver now supports a device hint to change the device register access mode. The driver uses memory-mapped register access by default, but this caused stability problems with some old IC Plus Corp (formerly Sundace) controllers. The following device hint makes the driver use I/O mapping for register access: hint.ste.N.prefer_iomap="1" The &man.xl.4; driver now supports WoL (Wake on LAN). Note that not all controllers support this functionality and some need an additional remote wakeup cable. Network Protocols An issue in the &man.carp.4; pseudo interface and linkstate changes of the underlying interfaces has been fixed. This happened when a &man.carp.4; interface was created before the underlying interface and its linkstate became UP. A bug in the &man.ipfw.4; packet filter subsystem has been fixed. The &man.sysctl.8; variable net.inet.ip.fw.one_pass did not work for netgraph action and in-kernel NAT. A new loader tunable net.link.ifqmaxlen has been added. It specifies the default value of send interface queue length. The default value for this parameter is 50. The ngtee action in the &man.ipfw.4; packet filter subsystem has been changed. It no longer accepts a packet. A possible panic in the &man.ipfw.4; pseudo interface for logging has been fixed. IPsec flow distribution has been improved for more parallel processing. A bug in the &os; IPv4 stack that prevented adding a proxy ARP entry over &man.netgraph.4; interfaces has been fixed. A bug in the &os; IPv6 stack that prevented an in the &man.ping6.8; utility from working with net.inet6.ip6.use_defaultzone=1 has been fixed. The &man.lagg.4; interface now supports a &man.sysctl.8; variable net.link.lagg.failover_rx_all. This controls whether to accept input packets on any link in a failover lagg. The &man.ng.eiface.4; &man.netgraph.4; node now supports VLAN-compatible MTU and an MTU size which is larger than 1500. The &man.ng.ether.4; &man.netgraph.4; node now supports interface transfer between multiple virtual network stacks by &man.ifconfig.8; vnet command. A &man.ng.ether.4; node associated with a network interface is now destroyed and recreated when the network interface is moved to another vnet. A new &man.netgraph.4; node &man.ng.patch.4; has been added. This performs data modification of packets passing through. Modifications are restricted to a subset of C language operations on unsigned integers of 8, 16, 32 or 64-bit size. An ICMP unreachable problem in the &man.pf.4; packet filter subsystem when TSO support is enabled has been fixed. The TCP bandwidth delay product window limiting algorithm controlled by the &man.sysctl.8; variable net.inet.tcp.inflight.enable is now disabled by default. It has been found that this algorithm is inefficient on a fast network with smaller RTT than 10ms. It had been enabled by default since 5.2-RELEASE, and then had been disabled only if the RTT was lesser than 10ms since 7.0-RELEASE. Pluggable TCP congestion control algorithm modules are planned to be added for the future releases. A bug in &os; TCP Path MTU discovery which could lead to a wrong calculation for an MTU smaller than 256 octets has been fixed. Note that this bug did not affect MTUs equal to or larger than 256 octets. The &os; TCP reassembly implementation has been improved. A long-standing accounting bug affecting SMP systems has been fixed and the net.inet.tcp.reass.maxqlen &man.sysctl.8; variable has been retired in favor of a per-connection dynamic limit based on the receive socket buffer size. &os; receivers now handle packet loss (particularly losses caused by queue overflows) significantly better than before which improves connection throughput. The TCP initial window increase in RFC 3390 which can be controlled by a &man.sysctl.8; variable net.inet.tcp.rfc3390 now reduces the congestion window to the restart window if a TCP connection has been idle for one retransmit timeout or more. For more details, see RFC 5681 Section 4.1. The &man.siftr.4;, Statistical Information For TCP Research (SIFTR) kernel module has been added. This is a facility that logs a range of statistics on active TCP connections to a log file. It provides the ability to make highly granular measurements of TCP connection state, aimed at system administrators, developers and researchers. &os; virtual network stack (vnet) now supports IPv4 multicast routing. The IEEE 802.11s element identifiers have been updated to reflect the final version of the amendment. This update breaks compatibility with older mesh setups but is necessary as the previous IDs are used by another amendment leading to unexpected results when trying to associate with an accesspoint using the affected IDs. Disks and Storage The &man.ahci.4; driver now disables NCQ and PMP support on VIA VT8251 because they are unreliable under load. The &man.ahci.4; driver now uses 15 seconds for device reset timeout instead of 10 seconds because some devices need 10 - 12 seconds to spin up. The &man.arcmsr.4; driver has been updated to version 1.20.00.19. The &man.ada.4; driver now supports a new &man.sysctl.8; variable kern.cam.ada.spindown_shutdown which controls whether or not to spin-down disks when shutting down if the device supports the functionality. The default value is 1. The &man.ata.4; driver now supports limiting initial ATA mode for devices via device hints hint.devname.unit.devN.mode or hint.devname.unit.mode. The valid values are the same as ones supported in the &man.atacontrol.8; and &man.camcontrol.8; utilities. The &man.ata.4; driver now disables cable status check on both controller and device side when the loader tunable hw.ata.ata_dma_check_80pin is 0. The check on controller side was performed regardless of this loader tunable. The &man.ata.4; driver now reports SATA power management capabilities to the &man.CAM.4; layer when is enabled. This allows a device to initiate transitions if controller configured to accept it. This makes hint.ata.N.pm_level=1 mode work. The &man.ata.4; driver has been improved on hotplugging and connection speed reporting support for some Intel SATA controllers including ICH5 and ICH8+ operating in legacy mode. An issue of device detection of Serverworks K2 SATA controllers in the &man.ata.4; has been fixed. A bug in the &man.ata.4; driver that prevented some Silicon Image chipsets from working on big endian systems has been fixed. The &man.gconcat.8; GEOM class now supports kernel crash dump. The dumping is performed to the component where a dump partition begins. A bug in the &man.geli.8; GEOM class on little endian platforms has been fixed. The metadata version for newly created providers has been updated to 4 due to this. Providers with the older versions are fully interoperable with 8.2-RELEASE and later by being treated as ones with the native byte order flag automatically. The &man.geli.8; GEOM class now supports a &man.sysctl.8; variable kern.geom.eli.overwrites. This specifies the number of times on-disk keys should be overwritten when destroying them. The default value is 5. The &man.geli.8; GEOM class has been improved for preventing the same encryption key from being used in 2^20 blocks (sectors). The &man.geli.8; GEOM class now uses XTS-AES mode by default. A &man.sysctl.8; variable kern.geom.eli.debug now allows a value -1. This means turn off any log messages of the &man.geli.8; GEOM class. The &man.mpt.4; driver now supports larger I/O sizes which the device and &man.CAM.4; subsystem can support. This was limited to 64KB, and the number of scatter/gather segments was limited to 33 on platforms with 4K pages. The &man.twa.4; driver has been updated. The version number is 3.80.06.003. File Systems The &man.linprocfs.5; Linux process file system now supports proc/$$/environment. The &os; NFS client now supports a kernel environment variable boot.nfsroot.nfshandlelen. This lets the diskless root file system on boot to use NFS version 3 and the specified file handle length. If this variable is not set, NFS version 2 is used. The ZFS on-disk format has been updated to version 15. The ZFS metaslab code has been updated. This provides a noticeable improvement on write speed, especially on pools with less than 30% of free space. The related OpenSolaris Bug IDs are 6826241, 6869229, 6918420, and 6917066. The ZFS now supports offlining of log devices. The related OpenSolaris Bug IDs are 6599442, 6726045, and 6803605. Performance improvements for the ZFS have been imported from OpenSolaris. They include caching of ACL permission checks, faster handling of &man.stat.2;, mitigation of mutex lock contention. The related OpenSolaris Bug IDs are 6802734, 6844861, 6848431, 6775100, 6827779, 6857433, 6860318, 6865875, 6867395, 6868276, and 6870564. The default value of vfs.zfs.vdev.max_pending has been decreased from 35 to 10 (OpenSolaris Bug ID is 6891731) to improve latency. Various bugs in the ZFS subsystem have been fixed. The related OpenSolaris Bug IDs are: 6328632, 6396518, 6501037, 6504953, 6542860, 6551866, 6572357, 6572376, 6582163, 6586537, 6595194, 6596237, 6604992, 6621164, 6623978, 6633095, 6635482, 6664765, 6674216, 6696242, 6696858, 6702206, 6710376, 6713916, 6717022, 6722540, 6722991, 6737463, 6739487, 6739553, 6740164, 6745863, 6747596, 6747698, 6748436, 6755435, 6757430, 6758107, 6759986, 6759999, 6761100, 6761406, 6764124, 6765294, 6767129, 6769612, 6770866, 6774713, 6774886, 6775697, 6776104, 6776548, 6780491, 6784104, 6784108, 6785914, 6788152, 6788830, 6789318, 6790064, 6790345, 6790687, 6791064, 6791066, 6791071, 6791101, 6792134, 6792139, 6792884, 6793430, 6794136, 6794570, 6794830, 6797109, 6797118, 6798384, 6798878, 6799895, 6800184, 6800942, 6801507, 6801810, 6803343, 6803822, 6804954, 6807339, 6807765, 6809340, 6809683, 6809691, 6810367, 6815592, 6815893, 6816124, 6818183, 6821169, 6821170, 6822816, 6824006, 6824062, 6824968, 6826466, 6826468, 6826469, 6826470, 6826471, 6826472, 6827260, 6830237, 6830541, 6833162, 6833711, 6833999, 6834217, 6836714, 6836768, 6838062, 6838344, 6841321, 6843014, 6843069, 6843235, 6844069, 6844900, 6847229, 6848242, 6856634, 6857012, 6861983, 6862984, 6863610, 6870564, 6880764, 6882227, 6892298, 6898245, 6906110, 6906946, 6939941, 6950219, 6951024, and 6953403. Userland Changes The &man.arp.8; utility has been improved. It now runs faster even when a single interface has a number of aliases. A bug in the &man.b64decode.1; utility that prevented an option from handling arbitrary breaks in a base64 encoded string has been fixed. The &man.calendar.1; utility now supports repeating events which span multiple years, lunar events, and solar events. The &man.dhclient.8; utility now reports a reason for exiting and the 10-second period in which the &man.dhclient.8; ignores routing messages has been changed to start just after dhclient-script starts instead of just after it finished. This change fixes a symptom that &man.dhclient.8; silently exits under a certain condition. Userland support for the &man.dtrace.1; subsystem has been added. This allows inspection of userland software itself and its correlation with the kernel, thus allowing a much better picture of what exactly is going on behind the scenes. The &man.dtruss.1; utility has been added and the libproc library has been updated to support the facility. The &man.du.1; utility now supports a option to display entries that exceeds the value of threshold. If the value is negative, it displays entries with a value less than the absolute value of threshold. The &man.fdisk.8; utility now supports partitions which are provided by &man.gjournal.8; or &man.geli.8; GEOM classes. The &man.gcore.1; utility now supports an flag which forces a full dump of all the segments except for the malformed ones. The &man.geli.8; utility now supports resize subcommand to resize encrypted file systems after growing it. The &man.geli.8; utility now supports suspend and resume subcommands. The suspend subcommand makes &man.geli.8; devices wait for all in-flight I/O requests, suspend new I/O requests, remove all &man.geli.8; sensitive data from the kernel memory (like encryption keys) and will wait for either geli resume or geli detach command. For more information, see &man.geli.8; manual page. The &man.geli.8; utility now checks the metadata provider size strictly. If the check fails, the provider is not attached. A new option can override this behavior. The &man.geli.8; utility now supports and options for loading passphrase from a file. The gethost*(), getnet*(), and getproto*() functions now set the errno to ERANGE and the NSS backend terminates with NS_RETURN when the result buffer size is too small. The &man.gpart.8; utility now supports a resize command to resize partitions for all schemes but EBR. The &man.gpart.8; utility now supports backup and restore subcommands to backup partition tables and restore them. The &man.gpart.8; utility now handles given geom/provider names with and without /dev/ prefix. The &man.gpart.8; utility now supports an option for the destroy subcommand. This option forces destroying of the partition table even if it is not empty. The &man.gpart.8; utility now supports a recover subcommand for GPT partition tables. A corrupted GPT is now marked when the following three types of corruption: Primary GPT header or table is corrupted. Secondary GPT header or table is corrupted. Secondary GPT header is not located at the last LBA. Changes to the corrupted GPT table are not allowed except for destroy and recover subcommands. The &man.gpart.8; utility now supports GPT_ENT_ATTR_BOOTME, GPT_ENT_ATTR_BOOTONCE, and GPT_ENT_ATTR_BOOTFAILED attributes in GPT. The attribute keywords in the command line are bootme, bootonce, and bootfailed respectively. An issue in the &man.newfs.8; utility has been fixed. A UFS1 file system created with 64KB blocksize was incorrectly recognized as one with a broken superblock. This is because the &os; kernel checks a partition first for a UFS2 superblock at 64KB offset while it is possible that a UFS1 file systems with 64KB blocksize has an alternative superblock at the same location. For example, a file system created by newfs -U -O 1 -b 65536 -f 8192 could lead to this symptom. The &man.hastd.8; utility now supports SIGHUP for reloading the configuration file. When SIGTERM or SIGINT is received, the worker processes terminate. The &man.ifconfig.8; utility now check an invalid CIDR subnet notation more strictly. It wrongly accepted 10.0.0.1/10.0.0.1 as 10.0.0.1/10. An accuracy issue in the &man.jn.3; and &man.jnf.3; functions in libm has been fixed. Incorrect behaviors in stuttering sequences and reverse ranges in the &man.jot.1; utility have been fixed. The libarchive library and &man.tar.1; utility now support LZMA (Lempel-Ziv-Markov chain-Algorithm) compression format. The &man.tar.1; utility now supports a blocksize which is up to 8192 (4MB) in the option. A bug in the &man.lpr.1; utility that prevented it from working with some files on a ZFS file system has been fixed. The option in the &man.mount.8; utility now displays the rw mount option correctly as in the &man.fstab.5; format. The &man.ncal.1; utility has been updated. The option has been replaced with and . Options to show previous, current and next month, and to show months after current month have been added. The option now prints only the month, not the whole year. The &man.newsyslog.8; utility now supports an option to override the default &man.syslogd.8; PID file. The &man.newsyslog.8; utility now supports a special log file name <include> for processing file inclusion. Globbing in the file name and circular dependency detection are supported. For more details, see the &man.newsyslog.conf.5; manual page. The &man.ntpd.8; utility is now compiled with shared memory reference clock driver. For example, GPS devices can be used as source of precise time via astro/gpsd in the Ports Collection. An off-by-one error in the &man.pax.1; utility when ustar file name is too long has been fixed. The &man.pkill.1; utility now supports an option like the &man.kill.1; utility does. The &man.pmcstat.8; utility now supports a file and a network socket as a top source. A new option specifies to send log output to filename, and another new option specifies to receive events from filename. For a socket, the filename is in a form of ipaddr:port. This allows top monitoring over TCP on a system with no local symbols, for example. The &man.pom.6; utility now supports a flag to print only the percentage. The &man.powerd.8; utility now supports an and to control the minimum and maximum frequency, respectively. The &man.ruptime.1; utility now displays hostnames longer than 12 characters. A behavior of the &man.sh.1; program when an option is specified has been changed. The special parameters $@@ and $* no longer cause an error when there are no positional parameters. A bug in the &man.sh.1; program has been fixed. A SIGINT signal is now passed through from a child process if the shell is interactive and the job control is enabled. For example, aborting &man.sleep.1; command by Ctrl-C no longer display ok in the following command line: &prompt.user; sleep 5; echo ok The &man.sh.1; program now supports a bg command consisting solely of redirections. For example: &prompt.user; < /dev/null & The &man.sleep.1; utility now supports the SIGINFO signal and reports the specified sleep time and the remaining time. The &man.tftp.1; and &man.tftpd.8; utilities have been improved for better interoperability and they now support RFC 1350, 2347, 2348, 2349, and 3617. A bug in [=]=] equivalent class handling in the &man.tr.1; utility has been fixed. A closing bracket immediately after [= was incorrectly treated as special. The &man.uname.1; utility now supports an flag as a synonym for the flag for compatibility with other systems. Bugs in &man.vi.1; utility have been fixed. They include handling of ^@@ and ^C in insert mode when reading an ex command. The &man.watchdogd.8; program now uses MADV_PROTECT memory flag to protect itself from being terminated by the &os; kernel when available memory becomes short. This kind of process termination happens in a swap-intensive workload. The set sharenfs command in the &man.zfs.8; utility now supports option. <filename>/etc/periodic</filename> Scripts A periodic script for zfs scrub has been added. For more details, see &man.periodic.conf.5; manual page. A periodic script which can be used to find installed ports' files with mismatched checksum has been added. For more details, see the &man.periodic.conf.5; manual page. Contributed Software The ACPI-CA has been updated to 20101013. The &man.ee.1; program has been updated to version 1.5.2. ISC BIND has been updated to version 9.6-ESV-R3. netcat has been updated to version 4.8. OpenSSL has been updated to version 0.9.8q. sendmail has been updated to version 8.14.5. The timezone database has been updated to the tzdata2010o release. The xz has been updated from snapshot as of 12 April 2010 to 5.0.0 release Ports/Packages Collection Infrastructure The &man.pkg.create.1; utility now supports LZMA (xz) compression. Note that the default is still bzip2. Release Engineering and Integration The &man.sysinstall.8; utility now uses the following numbers for default and minimum partition sizes: 1GB for /, 4GB for /var, and 1GB for /tmp. The &man.sysinstall.8; utility now attempts to enable &man.getty.8; on a serial port when no VGA card is detected on the system. The supported version of the GNOME desktop environment (x11/gnome2) has been updated to 2.32.1. The supported version of the KDE desktop environment (x11/kde4) has been updated to 4.5.5. Upgrading from previous releases of &os; Upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the &man.freebsd-update.8; utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernel distributed as a part of an official &os; release. The &man.freebsd-update.8; utility requires that the host being upgraded has Internet connectivity. An older form of binary upgrade is supported through the Upgrade option from the main &man.sysinstall.8; menu on CDROM distribution media. This type of binary upgrade may be useful on non-&arch.i386;, non-&arch.amd64; machines or on systems with no Internet connectivity. Source-based upgrades (those based on recompiling the &os; base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING. Upgrading &os; should, of course, only be attempted after backing up all data and configuration files.

&os; &release.current; Release Notes The &os; Project $FreeBSD$ 2012 The &os; Documentation Project &tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general; The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system on the &release.branch; development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented. Introduction This document contains the release notes for &os; &release.current;. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;. This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook. All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site. What's New This section describes the most user-visible new or changed features in &os; since &release.prev;. Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. Security Advisories Problems described in the following security advisories have been fixed. For more information, consult the individual advisories available from . Advisory Date Topic SA-11:01.mountd 20 April 2011 Network ACL mishandling in &man.mountd.8; SA-11:02.bind 28 May 2011 BIND remote DoS with large RRSIG RRsets and negative caching SA-11:04.compress 28 September 2011 Errors handling corrupt compress file in &man.compress.1; and &man.gzip.1; SA-11:05.unix 28 September 2011 Buffer overflow in handling of UNIX socket addresses SA-11:06.bind 23 December 2011 Remote packet Denial of Service against &man.named.8; servers SA-11:07.chroot 23 December 2011 Code execution via chrooted ftpd SA-11:08.telnetd 23 December 2011 telnetd code execution vulnerability SA-11:09.pam_ssh 23 December 2011 pam_ssh improperly grants access when user account has unencrypted SSH private keys SA-11:10.pam 23 December 2011 pam_start() does not validate service names Kernel Changes The &os; kernel now supports Capsicum Capability Mode. Capsicum is a set of features for sandboxing support, using a capability model in which the capabilities are file descriptors. Two new kernel options CAPABILITIES and CAPABILITY_MODE have been added to the GENERIC kernel. For more information about Capsicum, see . The &os; &man.dtrace.1; framework now supports systrace for system calls of linux32 and freebsd32 on &os;/&arch.amd64;. Two new systrace_linux32 and systrace_freebsd32 kernel modules provide support for tracing compat system calls in addition to the native system call tracing provided by the systrace module. The &os; ELF image activator now supports the PT_GNU_STACK program header. This is disabled by default. New &man.sysctl.8; variables kern.elf32.nxstack and kern.elf64.nxstack allow enabling PT_GNU_STACK for the specified ABIs (e.g. elf32 for 32-bit ABI). The &man.hhook.9; (Helper Hook) and &man.khelp.9; (Kernel Helpers) KPIs have been implemented. These are a kind of superset of &man.pfil.9; framework for more general use in the kernel. The &man.hhook.9; KPI provides a way for kernel subsystems to export hook points that &man.khelp.9; modules can hook to provide enhanced or new functionality to the kernel. The &man.khelp.9; KPI provides a framework for managing &man.khelp.9; modules, which indirectly use the &man.hhook.9; KPI to register their hook functions with hook points of interest within the kernel. These allow a structured way to dynamically extend the kernel at runtime in an ABI preserving manner. A &man.loader.8; tunable hw.memtest.tests has been added. This controls whether to perform memory testing at boot time or not. The default value is 1 (perform a memory test). A new resource accounting API has been implemented. It can keep per-process, per-jail, and per-loginclass resource accounting information. Note that this is not built nor installed by default. To build and install them, specify options RACCT in the kernel configuration file and rebuild the base system as described in the &os; Handbook. A new resource-limiting API has been implemented. It works in conjunction with the RACCT resource accounting implementation and takes user-configurable actions based on the set of rules it maintains and the current resource usage. The &man.rctl.8; utility has been added to manage the rules in userland. Note that this is not built nor installed by default. To build and install them, specify options RCTL in the kernel configuration file and rebuild the base system as described in the &os; Handbook. The &man.sendmsg.2; and &man.recvmsg.2; system calls in the &os; Linux ABI compatibility have been improved. The &man.open.2; and &man.fhopen.2; system calls now support the O_CLOEXEC flag, which allows setting the FD_CLOEXEC flag for the newly created file descriptor. This is standardized in IEEE Std 1003.1-2008 (POSIX, Single UNIX Specification Version 4). The &man.posix.fallocate.2; system call has been implemented. This is a function in POSIX to ensure that a part of the storage for regular file data is allocated on the file system storage media. Two new system calls setloginclass(2) and getloginclass(2) have been added. This makes it possible for the kernel to track the login class a process is assigned to, which is required for the RCTL resource limiting framework. &os; now supports executing &os; 1/&arch.i386; a.out binaries on &os;/&arch.amd64;. Note that this is not built nor installed by default. To build and install them, specify options COMPAT_43 in the kernel configuration file and rebuild the base system as described in the &os; Handbook. The following &man.sysctl.8; variables have been added to show the availability of various kernel features: &man.sysctl.8; variable name Description kern.features.ufs_acl ACL (Access Control List) support in UFS kern.features.ufs_gjournal journaling support through &man.gjournal.8; for UFS kern.features.ufs_quota UFS disk quotas support kern.features.ufs_quota64 64-bit UFS disk quotas support kern.features.softupdates FFS soft-updates support kern.features.ffs_snapshot FFS snapshot support kern.features.nfsclient NFS client (old implementation) kern.features.nfscl NFS client (new implementation) kern.features.nfsserver NFS server (old implementation) kern.features.nfsd NFS server (new implementation) kern.features.kdtrace_hooks Kernel DTrace hooks which are required to load DTrace kernel modules kern.features.ktr Kernel support for KTR kernel tracing facility kern.features.ktrace Kernel support for system call tracing kern.features.hwpmc_hooks Kernel support for HW PMC kern.features.sysv_msg System V message queues support kern.features.sysv_sem System V semaphores support kern.features.p1003_1b_mqueue POSIX P1003.1B message queues support kern.features.p1003_1b_semaphores POSIX P1003.1B semaphores support kern.features.kposix_priority_scheduling POSIX P1003.1B real-time extensions kern.features.stack Support for capturing the kernel stack kern.features.sysv_shm System V shared memory segments support kern.features.pps_sync Support usage of external PPS signal by kernel PLL kern.features.regression Kernel support for interfaces necessary for regression testing kern.features.invariant_support Support for modules compiled with the INVARIANTS option kern.features.zero_copy_sockets Zero copy sockets support kern.features.libmchain mchain library kern.features.scbus SCSI devices support kern.features.mac Mandatory Access Control Framework support kern.features.audit BSM audit support kern.features.geom_gate GEOM Gate module kern.features.geom_uzip GEOM uzip read-only compressed disks support kern.features.geom_cache GEOM cache module kern.features.geom_mirror GEOM mirroring support kern.features.geom_stripe GEOM striping support kern.features.geom_concat GEOM concatenation support kern.features.geom_raid3 GEOM RAID-3 functionality kern.features.geom_fox GEOM FOX redundant path mitigation support kern.features.geom_multipath GEOM multipath support kern.features.g_virstor GEOM virtual storage support kern.features.geom_bde GEOM-based Disk Encryption kern.features.geom_eli GEOM crypto module kern.features.geom_journal GEOM journaling support kern.features.geom_shsec GEOM shared secret device support kern.features.geom_vol GEOM support for volume names from UFS superblocks kern.features.geom_label GEOM labeling support kern.features.geom_sunlabel GEOM Sun/Solaris partitioning support kern.features.geom_bsd GEOM BSD disklabels support kern.features.geom_pc98 GEOM NEC PC9800 partitioning support kern.features.geom_linux_lvm GEOM Linux LVM partitioning support kern.features.geom_part_pc98 GEOM partitioning class for PC-9800 disk partitions kern.features.geom_part_vtoc8 GEOM partitioning class for SMI VTOC8 disk labels kern.features.geom_part_bsd GEOM partitioning class for BSD disklabels kern.features.geom_part_ebr GEOM partitioning class for extended boot records support kern.features.geom_part_ebr_compat GEOM EBR partitioning class: backward-compatible partition names kern.features.geom_part_gpt GEOM partitioning class for GPT partitions support kern.features.geom_part_apm GEOM partitioning class for Apple-style partitions kern.features.geom_part_mbr GEOM partitioning class for MBR support Boot Loader Changes The default boot loader menu has been updated. The &man.loader.8; loader now supports PBVM (Pre-Boot Virtual Memory). This allows linking the kernel at a fixed virtual address without having to make any assumptions about the physical memory layout. The PBVM also allows fine control of the address where the kernel and its modules are to be loaded. Hardware Support &os;/powerpc now supports Sony Playstation 3 using the OtherOS feature available on firmwares 3.15 and earlier. A new &man.loader.8; tunable machdep.disable_tsc has been added. Setting this to a non-zero value disables use of TSC (Time Stamp Counter) by turning off boot-time CPU frequency calibration, DELAY(9) with TSC, and using TSC as a CPU ticker. Another new &man.loader.8; tunable machdep.disable_tsc_calibration allows to skip the TSC frequency calibration only. This is useful when one wants to use the nominal frequency of the chip in Intel processors, for example. The &os; &man.usb.4; subsystem now supports USB 3.0 by default. The &os; &man.usb.4; subsystem now supports USB packet filter. This allows to capture packets which go through each USB host controller. The implementation is almost based on &man.bpf.4; code. The userland program &man.usbdump.8; has been added. Network Interface Support A bug in the &man.alc.4; driver which could make AR8152-based network interfaces stop working has been fixed. A bxe(4) driver for Broadcom NetXtreme II 10GbE controllers (BCM57710, BCM57711, BCM57711E) has been added. The &man.cxgb.4; driver has been updated to version 7.11.0. A &man.cxgbe.4; driver for Chelsio T4 (Terminator 4) based 10Gb/1Gb adapters has been added. The &man.dc.4; driver now works correctly in kernels with the option. The &man.em.4; driver has been updated to version 7.3.2. The &man.igb.4; driver has been updated to version 2.2.5. The &man.igb.4; driver now supports Intel I350 PCIe Gigabit Ethernet controllers. The &man.ixgbe.4; driver has been updated to version 2.3.8. Firmware images in the &man.iwn.4; driver for 1000, 5000, 6000, and 6500 series cards have been updated. A bug in the &man.msk.4; driver has been fixed. It could prevent RX checksum offloading from working. A bug in the &man.nfe.4; driver which could prevent reinitialization after changing the MTU has been fixed. A bug in the &man.ral.4; and &man.run.4; drivers which could prevent hostap mode from working has been fixed. A rdcphy(4) driver for RDC Semiconductor R6040 10/100 PHY has been added. The &man.re.4; driver now supports RTL8168E/8111E-VL PCIe Gigabit Ethernet controllers and RTL8401E PCIe Fast Ethernet controllers. The &man.re.4; driver now supports TX interrupt moderation on RTL810xE PCIe Fast Ethernet controllers. The &man.re.4; driver now supports another mechanism for RX interrupt moderation because of performance problems. A &man.sysctl.8; variable dev.re.N.int_rx_mod has been added to control amount of time to delay RX interrupt processing, in units of microsecond. Setting it to 0 completely disables RX interrupt moderation. A &man.loader.8; tunable hw.re.intr_filter controls whether the old mechanism utilizing MSI/MSI-X capability on supported controllers is used or not. When set to a non-zero value, the &man.re.4; driver uses the old mechanism. The default value is 0 and this tunable has no effect on controllers without MSI/MSI-X capability. The &man.re.4; driver now supports TSO (TCP Segmentation Offload) on RealTek RTL8168/8111 C or later controllers. Note that this is disabled by default because broken frames can be sent under certain conditions. The &man.re.4; driver now supports enabling TX and/or RX checksum offloading independently from each other. Note that TX IP checksum is disabled on some RTL8168C-based network interfaces because it can generate an incorrect IP checksum when the packet contains IP options. A bug in the &man.re.4; driver has been fixed. It could cause a panic when receiving a jumbo frame on an RTL8169C, 8169D, or 8169E controller-based network interface. The &man.re.4; driver now supports RTL8105E PCIe Fast Ethernet controllers. The rlphy(4) driver now supports the Realtek RTL8201E 10/100 PHY found in RTL8105E controllers. A bug in the &man.sis.4; driver has been fixed. It could prevent a proper reinitialization on DP83815, DP83816, and SiS 900/7016 controllers when the configuration of multicast packet handling and/or promiscuous mode is changed. A bug in the &man.vlan.4; pseudo interface han been fixed. It could have a random interface identifier in an automatically configured IPv6 link-local address, instead of one generated with the parent interface's IEEE 802 48-bit MAC address and an algorithm described in RFC 4291. A &man.vte.4; driver for RDC R6040 Fast Ethernet controllers, which are commonly found on the Vortex86 System On a Chip, has been added. A &man.vxge.4; driver for the Neterion X3100 10GbE Server/Storage adapter has been added. A bug in the &man.wpi.4; driver has been fixed. It could display the following error messages and result in the device being unusable: wpi0: could not map mbuf (error 12) wpi0: wpi_rx_intr: bus_dmamap_load failed, error 12 Network Protocols &man.ipfw.8; now supports IPv6 in the fwd action. &man.ipfw.8; now supports the call and return actions. Upon the call number action, the current rule number is saved in the internal stack and ruleset processing continues with the first rule numbered number or higher. The return action takes the rule number saved to internal stack by the latest call action and returns ruleset processing to the first rule with number greater than that saved number. &os;'s &man.ipsec.4; support now uses half of the hash size as the authenticator hash size in Hashed Message Authentication Mode (HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512) as described in RFC 4868. This was a fixed 96-bit length in prior releases because the implementation was based on an old Internet draft draft-ietf-ipsec-ciph-sha-256-00. Note that this means &release.current; and later are no longer interoperable with the older &os; releases. For Infiniband support, OFED (OpenFabrics Enterprise Distribution) version 1.5.3 has been imported into the base system. Note that this is not built nor installed by default. To build and install them, specify WITH_OFED=yes in /etc/src.conf and rebuild the base system as described in the &os; Handbook. The &os; TCP/IP network stack now supports IPv4 prefixes with /31 as described in RFC 3021, Using 31-Bit Prefixes on IPv4 Point-to-Point Links. A bug in the &os; TCP/IP network stack has been fixed. Source address selection could not be performed when multicast options were present but without an interface being specified. A bug in the IPV6_PKTINFO option used in &man.sendmsg.2; has been fixed. The IPV6_USE_MIN_MTU state set by &man.setsockopt.2; was ignored. The &os; TCP/IP network stack now supports the &man.mod.cc.9; pluggable congestion control framework. This allows TCP congestion control algorithms to be implemented as dynamically loadable kernel modules. The following kernel modules are available as of &release.current;: &man.cc.chd.4; for the CAIA-Hamilton-Delay algorithm, &man.cc.cubic.4; for the CUBIC algorithm, &man.cc.hd.4; for the Hamilton-Delay algorithm, &man.cc.htcp.4; for the H-TCP algorithm, &man.cc.newreno.4; for the NewReno algorithm, and &man.cc.vegas.4; for the Vegas algorithm. The default algorithm can be set by a new &man.sysctl.8; variable net.inet.tcp.cc.algorithm. The value must be set to one of the names listed by net.inet.tcp.cc.available, and newreno is the default set at boot time. For more detail, see the &man.mod.cc.4; and &man.mod.cc.9; manual pages. An &man.h.ertt.4; (Enhanced Round Trip Time) &man.khelp.9; module has been added. This module allows per-connection, low noise estimates of the instantaneous RTT in the TCP/IP network stack with a robust implementation even in the face of delayed acknowledgments and/or TSO (TCP Segmentation Offload) being in use for a connection. A new &man.tcp.4; socket option TCP_CONGESTION has been added. This allows to select or query the congestion control algorithm that the TCP/IP network stack will use for connections on the socket. The &man.ng.ipfw.4; &man.netgraph.4; node now supports IPv6. The &man.ng.one2many.4; &man.netgraph.4; node now supports the XMIT_FAILOVER transmit algorithm. This makes packets deliver out of the first active many hook. The &man.ng.netflow.4; &man.netgraph.4; node now supports NetFlow version 9. A new export9 hook has been added for NetFlow v9 data. Note that data export can be done simultaneously in both version 5 and version 9. The IEEE 802.11s element identifiers have been updated to reflect the final version of the amendment. This update breaks compatibility with older mesh setups but is necessary as the previous IDs are used by another amendment leading to unexpected results when trying to associate with an accesspoint using the affected IDs. Disks and Storage The &man.ada.4; driver now supports write cache control. A new &man.sysctl.8 variable kern.cam.ada.write_cache determines whether the write cache of &man.ada.4; devices is enabled or not. Setting to 1 enables and 0 disables the write cache, and -1 leaves the device default behavior. &man.sysctl.8 variables kern.cam.ada.N.write_cache can override the configuration in a per-device basis (the default value is -1, which means to use the global setting). Note that the value can be changed at runtime, but it takes effect only after a device reset. The &man.arcmsr.4; driver has been updated to version 1.20.00.22. The &man.cam.4; subsystem now supports the descriptor format sense data of the SPC-3 (SCSI Primary Commands 3) specification. The &man.geom.map.4; GEOM class has been added. This allows to generate multiple geom providers based on a hard-coded layout of a device with no explicit partition table such as embedded flash storage. For more information, see the &man.geom.map.4; manual page. The &man.gpart.8; GEOM class now supports the following aliases for the MBR and EBR schemes: fat32, ebr, linux-data, linux-raid, and linux-swap. The &man.gpart.8; GEOM class now supports bios-boot GUID for the GPT scheme which is used in GRUB 2 loader. The &man.graid.8; GEOM class has been added. This is a replacement of the &man.ataraid.4; driver supporting various BIOS-based software RAID. The &man.sysctl.8; variable kern.geom.confxml now contains information about disk identification in an ident tag and disk model strings in a descr tag. The &man.md.4; memory-backed pseudo disk device driver now supports a &man.sysctl.8; variable vm.md_malloc_wait to specify whether a malloc-backed disk will use M_WAITOK or M_NOWAIT for &man.malloc.9; calls. The M_WAITOK setting can prevent memory allocation failure under high load. If it is set to 0, a malloc-backed disk uses M_NOWAIT for memory allocation. The default value is 0. A bug in the &man.mmc.4; driver that could cause device detection to fail has been fixed. The &man.mxge.4; driver has been updated. A &man.tws.4; driver for 3ware 9750 SATA+SAS 6Gb/s RAID controllers has been added. File Systems The &os; Fast File System now supports softupdates journaling. It introduces a intent log into a softupdates-enabled file system which eliminates the need for background &man.fsck.8; even on unclean shutdown. This can be enabled in a per-filesystem basis by using the flag of the &man.newfs.8; utility or the option of the &man.tunefs.8; utility. Note that the &release.current; installer automatically enables softupdates journaling for newly-created UFS file systems. The &os; Fast File System now supports the TRIM command when freeing data blocks. A new flag in the &man.newfs.8; and &man.tunefs.8; utilities sets the TRIM-enable flag for a file system. The TRIM-enable flag makes the file system send a delete request to the underlying device for each freed block. The TRIM command is specified as a Data Set Management Command in the ATA8-ACS2 standard to carry the information related to deleted data blocks to a device, especially for a SSD (Solid-State Drive) for optimization. A new flag has been added to the &man.newfs.8; and &man.fsck.ffs.8; utilities. This clears unallocated blocks, notifying the underlying device that they are not used and that their contents may be discarded. This is useful in &man.fsck.ffs.8; for file systems which have been mounted on systems without TRIM support, or with TRIM support disabled, as well as filesystems which have been copied from one device to another. The &os; NFS subsystem has been updated. The new implementation supports NFS version 4 in addition to 2 and 3. The kernel options for the NFS server and client are changed from NFSSERVER and NFSCLIENT to NFSD and NFSCL. &man.sysctl.8; variables which start with vfs.nfssrv. have been renamed to vfs.nfsd.. The NFS server now supports vfs.nfsd.server_max_nfsvers and vfs.nfsd.server_min_nfsvers &man.sysctl.8; variables to specify the maximum and the minimum NFS version number which the server accepts. The default value is set to 3 and 2, respectively. To enable NFSv4, the following variables are needed on the server side in &man.rc.conf.5;: nfsv_server_enable="YES" nfsv4_server_enable="YES" nfsuserd_enable="YES" and the following line is needed in /etc/exports: V4: / For more information about NFSv4 and its configuration, see the &man.nfsv4.4; and &man.exports.5; manual pages. The &os; NFS subsystem now supports a mount option. This disables the close-to-open cache coherency check at open time. This option may improve performance for read-only mounts, but should only be used only if the data on the server changes rarely. The &man.mount.nfs.8; utility now also supports this flag keyword. A &man.loader.8; tunable vfs.typenumhash has been added and set to 1 by default. This enables to use a hash calculation on the file system identification number internally used in the kernel. This fixes the Stale NFS file handle error on NFS clients when upgrading or rebuilding the kernel on the NFS server due to unexpected change of these identification number values. The &os; ZFS subsystem has been updated to the SPA (Storage Pool Allocator, also known as zpool) version 28. It now supports data deduplication, triple parity RAIDZ (raidz3), snapshot holds, log device removal, zfs diff, zpool split, zpool import , and read-only zpool import. Userland Changes Complex exponential functions &man.cexp.3; and &man.cexpf.3;, and cube root function &man.cbrtl.3; have been added to libm. The &man.bsdtar.1; and &man.cpio.1; utilities are now based on libarchive version 2.8.4. The &man.cpuset.1; utility now supports a flag to create a new cpuset and assign an existing process into that set, and an all keyword in the option to specify all CPUs in the system. The &man.dhclient.8; utility now uses &man.resolvconf.8; to manage the &man.resolv.conf.5; file by default. A resolvconf_enable variable in /etc/dhclient-enter-hooks controls the behavior. A bug in the &man.fetch.1; utility which could prevent the STAT FTP command from working properly has been fixed. The &man.gpart.8; utility now supports a flag to the show subcommand. This allows showing providers' names of partitions instead of the partitions' indexes. The &man.hastd.8; utility now drops root privileges of the worker processes to the hast user. The &man.hastd.8; utility now supports a checksum keyword to specify the checksum algorithm in a resource section. As of &release.current;, none, sha256, and crc32 are supported. The &man.hastd.8; utility now supports a compression keyword to specify the compression algorithm in a resource section. As of &release.current;, none, hole and lzf are supported. The &man.hastd.8; utility now supports a source keyword to specify the local address to bind to before connecting the remote &man.hastd.8 daemon. An implementation of iconv() API libraries and utilities which are standardized in Single UNIX Specification has been imported. These are based on NetBSD's Citrus implementation. Note that these are not built nor installed by default. To build and install them, specify WITH_ICONV=yes in /etc/src.conf and rebuild the base system as described in the &os; Handbook. The &man.ifconfig.8; utility now supports fdx, flow, hdx, and loop keywords as aliases of full-duplex, flowcontrol, half-duplex, and loopback, respectively. A &man.readline.3; API set has been imported into libedit. This is based on NetBSD's implementation and BSD licensed utilities now use it instead of GNU libreadline. The &man.makefs.8; utility now supports the ISO 9660 format. libmd and libcrypt now support the SHA-256 and SHA-512 algorithms. The &man.netstat.1; utility now does not expose the internal scope address representation used in the &os; kernel, which is derived from KAME IPv6 stack, in the results of netstat -ani and netstat -nr. The &man.newsyslog.8; utility now supports &man.xz.1; compression. An X flag in the optional field has been added to specify the compression. The &man.pam.group.8; module now supports and options. The make it accept or reject based on the supplicant's group membership and this is the default behavior. The checks the target user's group membership instead of the supplicant's one. If neither option was specified, &man.pam.group.8; assumes and issues a warning. A &man.poweroff.8; utility has been added. This is equivalent to: &prompt.root; shutdown -p now The &man.ppp.8; utility now supports iface name name and iface description description commands. These have the same functionalities as the name and description subcommands of the &man.ifconfig.8; utility. The &man.ps.1; utility now supports an option to display the login class information of each process, and and options for accumulated system and user CPU time, respectively. The &man.rtadvd.8; daemon now supports a noifprefix keyword to disable gathering on-link prefixes from interfaces when no addr keyword is specified. An entry in /etc/rtadvd.conf with noifprefix and no addr generates an RA message with no prefix information option. The &man.rtsold.8; and &man.rtadvd.8; daemons now support the RDNSS and DNSSL options described in RFC 6106, IPv6 Router Advertisement Options for DNS Configuration. A &man.rtadvctl.8; utility to control the &man.rtadvd.8; daemon has been added. The &man.rtld.1; runtime linker now supports shared objects as filters in ELF shared libraries. Both standard and auxiliary filtering have been supported. The &man.rtld.1; linker's processing of a filter defers loading a filtee until a filter symbol is referenced unless the LD_LOADFLTR environment variable is defined or a -z loadfltr option was specified when the filter was created. A race condition in the &man.sed.1; utility has been fixed. When an option is specified, there could be a short time window with no file with the original file name. The &man.sh.1; program now supports kill as a built-in command. This allows specifying %job which is equivalent to the corresponding process group. Note that this built-in command returns the exit status 2 instead of 1 if a fatal error occurs as other built-in commands do. A bug in the &man.sh.1; program has been fixed for POSIX conformance. It could return an incorrect exit status when an exit command with no parameter is specified in the EXIT trap handler, which is triggered when the shell terminates. In trap actions for other signals, an exit command with no parameter returns an exit status corresponding to the received signal. A bug in the &man.sh.1; program has been fixed. When a foreground job exits on a signal, a message is printed to stdout about this. The buffer was not flushed after printing which could result in the message being written to the wrong file if the next command was a built-in and had stdout redirected. The &man.sh.1; program now supports a flag in trap command to stop the option processing. The %builtin keyword support in the $PATH variable has been removed from the &man.sh.1; program. All built-in commands are always found before looking up directories in $PATH. Arithmetic expression handling code in the &man.sh.1; program has been updated by importing code from dash. It now supports the conditional operator (?:) and a bug in evaluation of && and || around an arithmetic expression has been fixed. A bug in the &man.tftpd.8; daemon has been fixed. It had an interoperability issue when transferring a large file. The &man.utmp.5; user accounting database has been replaced by &man.utmpx.3;. User accounting utilities will now use utmpx database files exclusively. The &man.wtmpcvt.1; utility can be used to convert wtmp files to the new format, making it possible to read them using the updated utilities. A &man.utxrm.8; utility has been added. This allows one to remove an entry from the utmpx database by hand. This is useful when a login daemon crashes or fails to remove the entry during shutdown. The &man.zpool.8; utility now supports a zpool labelclear command. This allows to wipe the label data from a drive that is not active in a pool. Contributed Software ACPI CA has been updated to version 20110527. The awk has been updated to the 7 August 2011 release. ISC BIND has been updated to version 9.8.1-P1. GNU binutils has been updated to 2.17.50 (as of 3 July 2007), which is the last available version under GPLv2. The compiler-rt library, which provides low-level target-specific interfaces such as functions in libgcc, has been imported. dialog has been updated to version 1.1-20110707. The netcat utility has been updated to version 4.9. The tnftp (formerly known as lukemftp) has been updated to tnftp-20100108. GNU GCC and libstdc++ have been updated to rev 127959 of gcc-4_2-branch (the last GPLv2-licensed version). gdtoa, a set of binary from/to decimal number conversion routines used in &os;'s libc library has been updated to a snapshot as of 4 March, 2011. The LESS program has been updated to version v444. The LLVM compiler infrastructure and clang, a C language family front-end, version 3.0 have been imported. Note that it is not used for building the &os; base system by default. In the &os; build infrastructure, the &man.clang.1;, &man.clang...1;, and &man.clang-cpp.1; utilities can be used in CC, CXX, and CPP &man.make.1; variables, respectively. Openresolv version 3.4.4 has been imported. The &man.resolvconf.8; utility now manages the &man.resolv.conf.5; file. The OpenSSH utility has been updated to 5.8p2, and optimization for large bandwidth-delay product connection and none cipher support have been merged The pf packet filter has been updated to version 4.5. sendmail has been updated to version 8.14.5. The timezone database has been updated to the tzdata2011m release. The &man.unifdef.1; utility has been updated to version 2.5.6. The xz program has been updated from 5.0.0 to a snapshot as of 11 July, 2011. Release Engineering and Integration A new installer &man.bsdinstall.8; has been added and integrated into installation ISO images. The &man.sysinstall.8; utility is also available for configuration after the installation. The supported version of the KDE desktop environment (x11/kde4) has been updated from 4.5.5 to 4.7.3. Upgrading from previous releases of &os; Upgrading using freebsd-update(8) or a source-based procedure Beginning with &os; 6.2-RELEASE, binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the &man.freebsd-update.8; utility. The binary upgrade procedure will update unmodified userland utilities, as well as a unmodified GENERIC kernel distributed as a part of an official &os; release. The &man.freebsd-update.8; utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the &os; base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING. For more specific information about upgrading instructions, see . Upgrading &os; should, of course, only be attempted after backing up all data and configuration files. User-visible incompatibilities This section describes notable incompatibilities which you might want to know before upgrading your system. Please read this section and the Errata document carefully before submitting a problem report and/or posting a question to the FreeBSD mailing lists. Update of <literal>dialog</literal> The dialog library is used in &os;'s new installer and the &os; Ports Collection to display a dialog window and allow users to select various options. Note that it is updated in &release.current; and there are several differences in key operations which might confuse users who are familiar with releases prior to &release.current;. For example, pushing the enter key in a checklist window will no longer check an item. The new version consistently uses space bar for selecting an item and the enter key for OK/Cancel selection. Partition Metadata Integrity Check &os; now checks the integrity of partition metadata when a partition table is found on a disk though the GEOM PART subsystem. This detection is automatically performed when a disk device is ready. The GEOM PART class in the kernel verifies all generic partition parameters obtained from the disk metadata, and if some inconsistency is detected, the partition table will be rejected with the following diagnostic message: GEOM_PART: Integrity check failed This integrity check is enabled by default. On a system prior to &release.current;, the inconsistencies were silently ignored. Therefore, there is a possibility that this prevents a system from booting after upgrading it to &release.current;. More specifically, the kernel cannot mount the system partition at boot time in some cases. If this happens, a &man.loader.8; tunable kern.geom.part.check_integrity can be used as a workaround. Enter the following lines in the &man.loader.8; prompt at boot time: set kern.geom.part.check_integrity="0" boot These commands temporarily disable the integrity check. If it was the cause of the boot failure, the &os; kernel should detect the partitions as the prior release did, after entering the commands. This configuration can be added into /boot/loader.conf as follows: kern.geom.part.check_integrity="0" To check inconsistent metadata after booting on the system, use the &man.gpart.8; utility on the system. A corrupted entry will be displayed like the following: &prompt.user; gpart show => 63 1953525104 mirror/gm0 MBR (931G) [CORRUPT] 63 1953525105 1 freebsd [active] (931G) For more information, see the &man.gpart.8; manual page. ATA/SATA subsystem now &man.cam.4;-based In &release.current;, the &os; ATA/SATA disk subsystem has been replaced with a new &man.cam.4;-based implementation. &man.cam.4; stands for Common Access Method, which is an implementation of an API set originally for SCSI-2 and standardized as "SCSI-2 Common Access Method Transport and SCSI Interface Module". &os; has used the &man.cam.4; subsystem to handle SCSI devices since 3.X. Although the new &man.cam.4;-based ATA/SATA subsystem provides various functionality which the old &man.ata.4; did not have, it also has some incompatibilities: An ATA/SATA disk is now recognized as a device node with a name ada0 instead of ad0. Currently, a symbolic link /dev/ad0 is automatically generated for /dev/ada0 to keep backward compatibility. This symbolic link generation can be controlled by a kern.cam.ada.legacy_aliases (enabled by default). You might want to update /etc/fstab and/or consider using volume labels (see &man.glabel.8; for more details) for specifying each file system to be mounted. The &man.atacontrol.8; utility cannot be used for &man.cam.4;-based devices. The &man.camcontrol.8 utility is a replacement. &man.ataraid.4; software RAID is now supported by the &man.graid.8; GEOM class. It generates a device node with a name /dev/raid/r0 if you previously had /dev/ar0. Note that this is not enabled by default. To enable it, enter the following line in the &man.loader.8; prompt: set geom_raid_load="YES" boot or add the following line to /boot/loader.conf: geom_raid_load="YES" and reboot the system. A symbolic link like /dev/ar0 will NOT be generated for /dev/raid/r0. Therefore, if your system used /dev/ar0 as the root partition, mounting local file systems will fail because it is renamed to /dev/raid/r0. You need to update /etc/fstab manually in that case. The &man.burncd.8; utility does not work with &man.cam.4;-based devices. Use the cdrecord(1) utility in sysutils/cdrtools instead. Network Configuration Changes in <filename>/etc/rc.conf</filename> Although variables in &man.rc.conf.5; are basically compatible with earlier releases, ones related to network configuration are changed because of reorganization of the &man.rc.8; scripts. An address configuration now always needs an address family keyword. For example, the following line ifconfig_em0="192.168.2.1 netmask 255.255.255.0" should be ifconfig_em0="inet 192.168.2.1 netmask 255.255.255.0" Although the old convention is still supported in the existing variables for backward compatibility, some new variables do not support it. The ifconfig_IF_alias0 variable now requires an address family keyword to support non-IPv4 address families. For instance, ifconfig_em0_alias0="192.168.2.10 netmask 255.255.255.255" should be ifconfig_em0_alias0="inet 192.168.2.10 netmask 255.255.255.255" Different address families can coexist like the following: ifconfig_em0_alias0="inet 192.168.2.10 netmask 255.255.255.255" ifconfig_em0_alias1="inet6 2001:db8:1::1 prefixlen 64" Note that IPv6 alias configurations in ifconfig_IF_aliasN will be ignored when no ifconfig_IF_ipv6 variable is defined because it determines whether IPv6 functionality is enabled on that interface or not (this variable will be explained later). All alias and static routing configurations through &man.rc.conf.5; variables will be deactivated when invoking &man.rc.8; scripts or the &man.service.8; command with the stop keyword. &prompt.root; service netif stop em0 stops the interface em0. &prompt.root; service routing stop deactivates all static route configurations. Releases prior to &os; &release.current; did not support this functionality properly for non-IPv4 protocols. IPv6 configuration handling has been changed in the following way. Before in-depth explanations, here is a before-and-after example. What was previously: ifconfig_em0="192.168.2.1 netmask 255.255.255.0" ifconfig_em0_alias0="192.168.2.2 netmask 255.255.255.255" ipv6_enable="YES" ipv6_ifconfig_em0="2001:db8:1::1 prefixlen 64" ipv6_ifconfig_em0_alias0="2001:db8:2::1 prefixlen 64" # em1 uses SLAAC for IPv6 address configuration should be in &release.current;: ifconfig_em0="inet 192.168.2.1 netmask 255.255.255.0" ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64 accept_rtadv" ifconfig_em0_alias0="inet 192.168.2.2 netmask 255.255.255.255" ifconfig_em0_alias1="inet6 2001:db8:2::1 prefixlen 64" ifconfig_em1_ipv6="inet6 accept_rtadv" More specific explanations of the changes are as follows: The ipv6_enable variable is deprecated. IPv6 functionality on the system is enabled by default. No IPv6 communication will happen if you configure no IPv6 address. &release.current; now supports intermediate configurations between a host and a router IPv6 node. The ipv6_enable variable assumed that the system was a host node when ipv6_gateway_enable was set to NO (default), and a router node if not. A host node always accepted ICMPv6 Router Advertise messages, and a router did not. In &release.current;, this model is still applied but on a per-interface basis, not a system-wide basis. Specifically, if an interface has an ACCEPT_RTADV flag, RA messages will be accepted on that interface for SLAAC (StateLess Address AutoConfiguration) regardless of whether the packet forwarding is enabled or not. In addition to them, a per-interface flag NO_RADR and a &man.sysctl.8; variable net.inet6.ip6.rfc6204w3 have been added. This controls whether default router list information via RA messages on an RA-accepting interface should be ignored or not. In an IPv6 router model, it is not supposed to accept RA messages as an information source for the default router list. Because of that, &os; &release.current; ignores the default router list part when IPv6 packet forwarding is enabled, even if the interface has an ACCEPT_RTADV flag. However, this can make for a difficult situation when the system has to work as a CPE (Customer Premises Equipment) which needs RA messages from the upstream network for network configuration and acts as a router for the LAN simultaneously. For more information about this kind of configuration, see RFC 6204. To support this kind of configuration, the ipv6_cpe_wanif variable in &man.rc.conf.5; can be used. ipv6_gateway_enable="YES" ipv6_cpe_wanif="em0" means the em0 interface accepts RA messages and the default router information in them, and the other interfaces ignore the default router information part even when the ACCEPT_RTADV flag is set on them. ipv6_cpe_wanif handling internally sets the net.inet6.ip6.rfc6204w3 and the net.inet6.ip6.no_radr &man.sysctl.8; variables to 1. Note that both are set to 0 by default. When the former is set to 1, &os; accepts the default router list even when IPv6 packet forwarding is enabled. Note that a system administrator needs to set a NO_RADR flag on the other RA-accepting interfaces, if any, to prevent it from accepting unexpected default router information. The latter variable means the NO_RADR flag is automatically set on them. If ipv6_enable="YES" is defined in &os; &release.current;, it sets ipv6_activate_all_interfaces="YES" in /etc/rc.conf and the inet6 accept_rtadv &man.ifconfig.8; option on all network interfaces. Note that this is only for backward compatibility. The ipv6_enable should not be used in &os; &release.current;. The ipv6_ifconfig_IF variable is renamed to ifconfig_IF_ipv6. This variable controls whether IPv6 functionality should be enabled on that interface or not. If ifconfig_IF_ipv6, is not set, there is no IPv6 functionality on the interface IF. Note that the ifconfig_IF_ipv6 variable always needs the address family keyword inet6. If you need an automatic link-local address only, the following line is enough: ifconfig_em0_ipv6="inet6 auto_linklocal" If you need full-blown IPv6 functionality on all interfaces like prior releases with ipv6_enable="YES", including ones with no ifconfig_IF_ipv6 line, you might want to use the ipv6_activate_all_interfaces variable as explained later. If ipv6_ifconfig_IF="..." is defined in &os; &release.current;, it means ifconfig_IF_ipv6="inet6 ...". Note that this is only for backward compatibility. The inet6 address family keyword is required for ifconfig_IF_ipv6, but was NOT required for ipv6_ifconfig_IF. The ipv6_ifconfig_IF variables should not be used in &release.current;. An interface with no corresponding ifconfig_IF_ipv6 variable is marked with an IFDISABLED flag by &man.devd.8; daemon. This flag means IPv6 communication is disabled on that interface. This can also be found in output of &man.ifconfig.8;: &prompt.user; ifconfig em0 em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM> ether xx:xx:xx:xx:xx:xx inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255 nd6 options=3<PERFORMNUD,IFDISABLED,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active To enable IPv6 functionality, this flag should be removed first. There are several ways to do so. Adding an IPv6 address automatically removes this flag. It is possible to remove this flag explicitly by using the following command: &prompt.root; ifconfig em0 inet6 -ifdisabled Note that defining an ifconfig_IF_ipv6 is the most reasonable way to activate IPv6 functionality on that interface. This IFDISABLED flag is to prevent unintended IPv6 communications in an IPv4-only environment even when the interface has an IPv6 link-local address. If you need full-blown IPv6 functionality on all interfaces, you might want to use the ipv6_activate_all_interfaces variable as explained later. The &man.sysctl.8; variable net.inet6.ip6.accept_rtadv has been changed. It was a system-wide configuration knob which controlled whether the system accepts ICMPv6 Router Advertisement messages or not. In &os; &release.current;, this knob is converted into a per-interface inet6 accept_rtadv &man.ifconfig.8; option. Although the &man.sysctl.8; variable is available still in &os; &release.current;, it now controls whether the per-interface option is set by default or not. The default value is 0 (not accept the RA messages). The &man.sysctl.8; variable net.inet6.ip6.auto_linklocal has been changed. It was a system-wide configuration knob which controlled whether an IPv6 link-local address was generated on a network interface when it became up. In &os; &release.current;, this knob is converted into a per-interface inet6 auto_linklocal &man.ifconfig.8; option. Although the &man.sysctl.8; variable is still available in &os; &release.current;, it now controls whether the per-interface option is set by default or not. The default value is 1 (generate a link-local automatically). The functionality of ipv6_ifconfig_IF_alias0 is integrated into ifconfig_IF_alias0. Note that address family keywords are always required: ifconfig_em0_alias0="inet 192.168.2.10 netmask 255.255.255.255" ifconfig_em0_alias1="inet6 2001:db8:1::1 prefixlen 64 Although ipv6_ifconfig_IF_aliasN is still usable in &os; &release.current;, it is only for backward compatibility. A new ipv6_activate_all_interfaces variable has been added. If this variable is set to YES, the IFDISABLED option will not be added even if ifconfig_IF_ipv6 variables are not defined. This can prevent IFDISABLED on dynamically-added interfaces such as &man.ppp.4;, &man.tap.4;, and &man.ng.iface.4; where defining ifconfig_IF_ipv6 in advance is difficult. Openresolv and <filename>/etc/resolv.conf</filename> The &man.resolvconf.8; utility has been added and it now handles updating the &man.resolv.conf.5; file. Direct modifications to /etc/resolv.conf can be overwritten by network configuration utilities such as &man.dhclient.8; and &man.rtsold.8;. Disk Partition Management Utilities In earlier releases various utilities were available to manage disk partition information. They are deprecated in favor of the &man.gpart.8; utility. Specifically, the &man.fdisk.8;, &man.disklabel.8; &man.bsdlabel.8;, and &man.sunlabel.8; utilities are no longer supported actively though these are still available for backward compatibility.