1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
|
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
<!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
%articles.ent;
<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
%release;
]>
<article>
<articleinfo>
<title>&os; &release.current; Release Notes</title>
<corpauthor>The &os; Project</corpauthor>
<pubdate>$FreeBSD$</pubdate>
<copyright>
<year>2000</year>
<year>2001</year>
<year>2002</year>
<year>2003</year>
<year>2004</year>
<year>2005</year>
<year>2006</year>
<year>2007</year>
<year>2008</year>
<year>2009</year>
<holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
</copyright>
<legalnotice id="trademarks" role="trademarks">
&tm-attrib.freebsd;
&tm-attrib.ibm;
&tm-attrib.ieee;
&tm-attrib.intel;
&tm-attrib.sparc;
&tm-attrib.general;
</legalnotice>
<abstract>
<para>The release notes for &os; &release.current; contain a summary
of the changes made to the &os; base system on the
&release.branch; development line.
This document lists applicable security advisories that were issued since
the last release, as well as significant changes to the &os;
kernel and userland.
Some brief remarks on upgrading are also presented.</para>
</abstract>
</articleinfo>
<sect1 id="intro">
<title>Introduction</title>
<para>This document contains the release notes for &os;
&release.current;. It
describes recently added, changed, or deleted features of &os;.
It also provides some notes on upgrading
from previous versions of &os;.</para>
<![ %release.type.current [
<para>The &release.type; distribution to which these release notes
apply represents the latest point along the &release.branch; development
branch since &release.branch; was created. Information regarding pre-built, binary
&release.type; distributions along this branch
can be found at <ulink url="&release.url;"></ulink>.</para>
]]>
<![ %release.type.snapshot [
<para>The &release.type; distribution to which these release notes
apply represents a point along the &release.branch; development
branch between &release.prev; and the future &release.next;.
Information regarding
pre-built, binary &release.type; distributions along this branch
can be found at <ulink url="&release.url;"></ulink>.</para>
]]>
<![ %release.type.release [
<para>This distribution of &os; &release.current; is a
&release.type; distribution. It can be found at <ulink
url="&release.url;"></ulink> or any of its mirrors. More
information on obtaining this (or other) &release.type;
distributions of &os; can be found in the <ulink
url="&url.books.handbook;/mirrors.html"><quote>Obtaining
&os;</quote> appendix</ulink> to the <ulink
url="&url.books.handbook;/">&os;
Handbook</ulink>.</para>
]]>
<para>All users are encouraged to consult the release errata before
installing &os;. The errata document is updated with
<quote>late-breaking</quote> information discovered late in the
release cycle or after the release. Typically, it contains
information on known bugs, security advisories, and corrections to
documentation. An up-to-date copy of the errata for &os;
&release.current; can be found on the &os; Web site.</para>
</sect1>
<sect1 id="new">
<title>What's New</title>
<para>This section describes the most user-visible new or changed
features in &os; since &release.prev;, and changes shown in
Release Notes for the previous releases are marked as
<literal>[7.1R]</literal> and <literal>[7.2R]</literal>.</para>
<para>Typical release note items document recent security
advisories issued after &release.prev;, new drivers or hardware
support, new commands or options, major bug fixes, or
contributed software upgrades. They may also list changes to
major ports/packages or release engineering practices. Clearly
the release notes cannot list every single change made to &os;
between releases; this document focuses primarily on security
advisories, user-visible changes, and major architectural
improvements.</para>
<sect2 id="security">
<title>Security Advisories</title>
<para>Problems described in the following security advisories have
been fixed. For more information, consult the individual
advisories available from
<ulink url="http://security.FreeBSD.org/"></ulink>.</para>
<informaltable frame="none" pgwide="0">
<tgroup cols="3">
<colspec colwidth="1*">
<colspec colwidth="1*">
<colspec colwidth="3*">
<thead>
<row>
<entry>Advisory</entry>
<entry>Date</entry>
<entry>Topic</entry>
</row>
</thead>
<tbody>
<row role="7.1">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:05.openssh.asc"
>SA-08:05.openssh</ulink></entry>
<entry>17 April 2008</entry>
<entry><para>OpenSSH X11-forwarding privilege escalation</para></entry>
</row>
<row role="7.1">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc"
>SA-08:06.bind</ulink></entry>
<entry>13 July 2008</entry>
<entry><para>DNS cache poisoning</para></entry>
</row>
<row role="7.1">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:07.amd64.asc"
>SA-08:07.amd64</ulink></entry>
<entry>3 September 2008</entry>
<entry><para>amd64 swapgs local privilege escalation</para></entry>
</row>
<row role="7.1">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:08.nmount.asc"
>SA-08:08.nmount</ulink></entry>
<entry>3 September 2008</entry>
<entry><para>&man.nmount.2; local arbitrary code execution</para></entry>
</row>
<row role="7.1">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:09.icmp6.asc"
>SA-08:09.icmp6</ulink></entry>
<entry>3 September 2008</entry>
<entry><para>Remote kernel panics on IPv6 connections</para></entry>
</row>
<row role="7.1">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc"
>SA-08:10.nd6</ulink></entry>
<entry>1 October 2008</entry>
<entry><para>IPv6 Neighbor Discovery Protocol routing vulnerability</para></entry>
</row>
<row role="7.1">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc"
>SA-08:11.arc4random</ulink></entry>
<entry>24 November 2008</entry>
<entry><para>&man.arc4random.9; predictable sequence vulnerability</para></entry>
</row>
<row role="7.1">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:12.ftpd.asc"
>SA-08:12.ftpd</ulink></entry>
<entry>23 December 2008</entry>
<entry><para>Cross-site request forgery in &man.ftpd.8;</para></entry>
</row>
<row role="7.1">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:13.protosw.asc"
>SA-08:13.protosw</ulink></entry>
<entry>23 December 2008</entry>
<entry><para>netgraph / bluetooth privilege escalation</para></entry>
</row>
<row role="7.2">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:01.lukemftpd.asc"
>SA-09:01.lukemftpd</ulink></entry>
<entry>07 January 2009</entry>
<entry><para>Cross-site request forgery in
&man.lukemftpd.8;</para></entry>
</row>
<row role="7.2">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:02.openssl.asc"
>SA-09:02.openssl</ulink></entry>
<entry>07 January 2009</entry>
<entry><para>OpenSSL incorrectly checks for malformed
signatures</para></entry>
</row>
<row role="7.2">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:03.ntpd.asc"
>SA-09:03.ntpd</ulink></entry>
<entry>13 January 2009</entry>
<entry><para>ntpd cryptographic signature
bypass</para></entry>
</row>
<row role="7.2">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc"
>SA-09:04.bind</ulink></entry>
<entry>13 January 2009</entry>
<entry><para>BIND DNSSEC incorrect checks for
malformed signatures</para></entry>
</row>
<row role="7.2">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"
>SA-09:05.telnetd</ulink></entry>
<entry>16 February 2009</entry>
<entry><para>telnetd code execution
vulnerability</para></entry>
</row>
<row role="7.2">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:06.ktimer.asc"
>SA-09:06.ktimer</ulink></entry>
<entry>23 March 2009</entry>
<entry><para>Local privilege escalation</para></entry>
</row>
<row role="7.2">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc"
>SA-09:07.libc</ulink></entry>
<entry>04 April 2009</entry>
<entry><para>Information leak in &man.db.3;</para></entry>
</row>
<row role="7.2">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:08.openssl.asc"
>SA-09:08.openssl</ulink></entry>
<entry>22 April 2009</entry>
<entry><para>Remotely exploitable crash in
OpenSSL</para></entry>
</row>
<row role="8.0">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc"
>SA-09:09.pipe</ulink></entry>
<entry>10 June 2009</entry>
<entry><para>Local information disclosure via direct pipe writes</para></entry>
</row>
<row role="8.0">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc"
>SA-09:10.ipv6</ulink></entry>
<entry>10 June 2009</entry>
<entry><para>Missing permission check on SIOCSIFINFO_IN6 ioctl</para></entry>
</row>
<row role="8.0">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
>SA-09:11.ntpd</ulink></entry>
<entry>10 June 2009</entry>
<entry><para>ntpd stack-based buffer-overflow vulnerability</para></entry>
</row>
<row role="8.0">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:12.bind.asc"
>SA-09:12.bind</ulink></entry>
<entry>29 July 2009</entry>
<entry><para>BIND &man.named.8; dynamic update message remote DoS</para></entry>
</row>
<row role="8.0">
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:14.devfs.asc"
>SA-09:14.devfs</ulink></entry>
<entry>2 Oct 2009</entry>
<entry><para>Devfs / VFS NULL pointer race condition</para></entry>
</row>
</tbody>
</tgroup>
</informaltable>
</sect2>
<sect2 id="kernel">
<title>Kernel Changes</title>
<para role="8.0">The &os; <filename>GENERIC</filename> kernel now
includes Trusted BSD MAC (Mandatory Access Control) support.
No MAC policy module is loaded by default.</para>
<para role="8.0" arch="i386">A loader
tunable <varname>hw.clflush_disable</varname> has been added
to avoid panic (trap 9)
at <function>map_invalidate_cache_range()</function> even if
Intel CPU is used. This tunable can be set
to <literal>-1</literal> (default), <literal>0</literal> and
<literal>1</literal>. The <literal>-1</literal> is same as
the current behavior, which automatically
disables <literal>CLFLUSH</literal> on Intel CPUs without
<literal>CPUID_SS</literal> (this should occurr on Xen
only). You can specify <literal>1</literal> when this panic
happens on non-Intel CPUs (such as AMD's). Because disabling
<literal>CLFLUSH</literal> can reduce performance, you can try
with setting <literal>0</literal> on Intel CPUs
without <literal>SS</literal> to
use <literal>CLFLUSH</literal> feature.</para>
<para role="8.0">The &os; newbus subsystem is now MPSAFE.</para>
<para role="8.0">The &man.jail.8; subsystem has been updated. Changes include:</para>
<itemizedlist role="7.2">
<listitem>
<para role="8.0">A new virtualization container
named <quote>vimage</quote> has been implemented. This is
not enabled by default. To enable this, add the following
kernel options to your kernel configuration file and
rebuild the kernel:</para>
<programlisting>options VIMAGE</programlisting>
<para>Note that <literal>options SCTP</literal> in the
<filename>GENERIC</filename> kernel is not compatible with
<literal>options VIMAGE</literal>. This limitation will
be fixed in the next release.</para>
<para>The vimage is a jail with a virtualized instance of
the &os; network stack. It can be created by using
&man.jail.8; command like this:</para>
<screen>&prompt.root; jail -c vnet name=<replaceable>vnet1</replaceable> host.hostname=<replaceable>vnet1.example.net</replaceable> path=/ persist</screen>
<para>The vimage has own loopback interface and a separated
network stack including the L3 routing tables. Network
interfaces on the system can be moved by using
&man.ifconfig.8; <option>vnet</option> option between the
different vimage jails and outside of them.</para>
<para>Furthermore, the &man.epair.4; pseudo-interface driver
has been added to help communication between vimage jails.
It emulates a pair of back-to-back connected Ethernet
interfaces. For example, the following commands create an
interface pair of &man.epair.4;:</para>
<screen>&prompt.root; ifconfig epair0 create
epair0a
&prompt.root; ifconfig epair0a
epair0a: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:c0:64:00:07:0a
&prompt.root; ifconfig epair0b
epair0b: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:c0:64:00:08:0b</screen>
<para>The &man.epair.4; pseudo-interfaces and any physical
interfaces on the system can be moved between vimage jails
by using &man.ifconfig.8; <option>vnet</option> option as
described above. Even after half of an &man.epair.4; pair
is moved, the back-to-back connection still valid and can
be used for inter-jail communication.</para>
<para>Note that vimage is still considered as an
experimental feature.</para>
</listitem>
<listitem>
<para>A jail can now have arbitrary named parameters similar
to environmental variables and the fixed jail parameters
in the previous releases have been replaced with them.
The jail name can now be used for identifying the jail in
&man.jexec.8; and &man.killall.1;.</para>
</listitem>
<listitem>
<para>Multiple IPv4 and/or IPv6 addresses per jail are now
supported. It is even possible to have jails without
an IP address at all, which basically gives one a chrooted
environment with restricted process view and no
networking.</para>
</listitem>
<listitem>
<para>SCTP (&man.sctp.4;) with IPv6 in jails has been
implemented.</para>
</listitem>
<listitem>
<para>Specific CPU binding by using &man.cpuset.1; has been
implemented. Note that the current implementation allows
the superuser inside of the jail to change the CPU
bindings specified.</para>
</listitem>
<listitem>
<para>A &man.jail.8; can start with a specific route
FIB now.</para>
</listitem>
<listitem>
<para>The &man.ddb.8; kernel debugger now supports a
<literal>show jails</literal> subcommand.</para>
</listitem>
<listitem>
<para>Compatibility support which permits 32-bit jail
binaries to be used on 64-bit systems to manage jails has
been added.</para>
</listitem>
<listitem>
<para>Note that both version numbers of
<literal>jail</literal> and <literal>prison</literal> in
the &man.jail.8; have been updated for the new
features.</para>
</listitem>
</itemizedlist>
<para role="8.0">The &man.ksyms.4;, kernel symbol table
interface driver has been added. It creates a character
device <filename>/dev/ksyms</filename> and provides
read-only access to a snapshot of the kernel symbol
table.</para>
<para role="8.0" arch="amd64,i386">The &os; Linux emulation
layer has been updated to version 2.6.16 and the default Linux
infrastructure port is
<filename>emulators/linux_base-f10</filename> (Fedora
10).</para>
<para role="8.0" arch="amd64,i386">The &os; virtual memory
subsystem now supports fully transparent use of
<application>superpages</application> for application memory;
application memory pages are dynamically promoted to or
demoted from superpages without any modification to
application code. This change offers the benefit of large
page sizes such as improved virtual memory efficiency and
reduced TLB (translation lookaside buffer) misses without
downsides like application changes and virtual memory
inflexibility. This can be enabled by setting a loader tunable
<varname>vm.pmap.pg_ps_enabled</varname> to
<literal>1</literal> and is enabled by default on
&arch.amd64;.</para>
<para role="7.2">The &man.ddb.8; kernel debugger now supports a
<command>show mount</command> subcommand.</para>
<para role="7.2">The &os; DTrace subsystem now supports a probe for
process execution.</para>
<para role="7.2" arch="amd64">The &os; kernel virtual address
space has been increased to 6GB. This allows subsystems to use
larger virtual memory space than before. For example, the
&man.zfs.8; adaptive replacement cache (ARC) requires large
kernel memory space to cache file system data, so it benefits
from the increased address space. Note that the ceiling on
the kernel map size is now 60% of the size of physical memory
rather than an absolute quantity.</para>
<para role="7.2">The &man.kld.4; now supports installing 32-bit
system calls to the &os; syscall translation layer from kernel
modules.</para>
<para role="7.2">The &man.ktr.4; now supports a new KTR tracepoint in the
<literal>KTR_CALLOUT</literal> class to note when a callout
routine finishes executing.</para>
<para role="7.2">Types of variables used to track the amount of allocated
System V shared memory have been changed from
<literal>int</literal> to <literal>size_t</literal>. This
makes it possible to use more than 2 GB of memory for shared
memory segments on 64-bit architectures. Please note the new
BUGS section in &man.shmctl.2; and
<filename>/usr/src/UPDATING</filename> for limitations of this
temporary solution.</para>
<para role="7.2">The &man.sysctl.3; leaf nodes have a flag to tag
themselves as MPSAFE now.</para>
<para role="7.2">The &os; 32-bit system call translation layer now
supports installing 32-bit system calls for
<literal>VFS_AIO</literal>.</para>
<para role="7.1">The &man.clock.gettime.2; and the related system calls now
support a clock ID <literal>CLOCK_THREAD_CPUTIME_ID</literal>,
as defined in POSIX.</para>
<para role="7.1">The &man.cpuset.2; system call has been added. This is an
API for thread to CPU binding and CPU resource grouping and
assignment.</para>
<para role="7.1">The DTrace, a comprehensive dynamic tracing framework and
&man.dtrace.1; userland utility have been imported from
OpenSolaris. DTrace provides a powerful infrastructure to
permit administrators, developers, and service personnel to
concisely answer arbitrary questions about the behavior of the
operating system and user programs.</para>
<para role="7.1">The &man.ddb.4; kernel debugger now has an output capture
facility. Input and output from &man.ddb.4; can now be captured
to a memory buffer for later inspection using &man.sysctl.8; or
a textdump. The new <command>capture</command> command controls
this feature.</para>
<para role="7.1">The &man.ddb.4; debugger now supports a simple scripting
facility, which supports a set of named scripts consisting of a
set of &man.ddb.4; commands. These commands can be managed from
within &man.ddb.4; or with the use of the new &man.ddb.8;
utility. More details can be found in the &man.ddb.4; manual
page.</para>
<para role="7.1">The &man.ddb.4; <command>ex</command> command now supports
an <option>/S</option> mode which interprets and prints the
value at the requested address as a symbol. For example,
<userinput>ex /S <replaceable>aio_swake</replaceable></userinput>
prints the name of the function currently registered in
via <replaceable>aio_swake</replaceable> hook.</para>
<para role="7.1">The &man.ddb.4; <command>show conifhk</command> command has
been added. This lists hooks currently waiting for completion
in <function>run_interrupt_driven_config_hooks()</function>.</para>
<para role="7.1">The &man.fcntl.2; system call now supports
<literal>F_DUP2FD</literal> command. This is equivalent to
&man.dup.2;, and compatible with the Sun Solaris and the IBM
AIX.</para>
<para role="7.1">The &os;'s &man.linux.4; ABI support now implements
<function>sched_setaffinity()</function> and
<function>sched_getaffinity()</function> using real CPU affinity
setting primitives.</para>
<para role="7.1">The &man.procstat.1; utility has been added. This is a
process inspection utility which provides some of the missing
functionality from &man.procfs.5; and new functionality for monitoring
and debugging specific processes.</para>
<para role="7.1">The client side functionality of &man.rpc.lockd.8; has been
implemented in the &os; kernel. This implementation provides the
correct semantics for &man.flock.2; style locks which are used
by the &man.lockf.1; command line tool and the &man.pidfile.3;
library. It also implements recovery from server restarts and
ensures that dirty cache blocks are written to the server before
obtaining locks (allowing multiple clients to use file locking
to safely share data). Also, a new kernel option
<literal>options NFSLOCKD</literal> has been added and enabled
by default. If the kernel support is enabled, &man.rpc.lockd.8;
automatically detects and uses the functionality.</para>
<para role="7.1">The &os; kernel now supports a new textdump format of kernel
dumps. A textdump provides higher-level information via
mechanically generated/extracted debugging output, rather than a
simple memory dump. This facility can be used to generate brief
kernel bug reports that are rich in debugging information, but
are not dependent on kernel symbol tables or precisely
synchronized source code. More information can be found in the
&man.textdump.4; manual page.</para>
<para role="7.1">The &man.wait4.2; system call now supports
<option>WNOWAIT</option> flag to keep the process whose status
is returned in a waitable state and <option>WSTOPPED</option>
which is equivalent to <option>WUNTRACED</option>.</para>
<para role="7.1" arch="amd64,i386,sparc64">The &os; kernel now has
initial support of binding interrupts to CPUs.</para>
<para role="7.1" arch="amd64,i386"> The &man.sched.ule.4; scheduler is now the default
process scheduler in <filename>GENERIC</filename>
kernels.</para>
<para role="7.1">The sysctl
variables <varname>kern.features.compat_freebsd[456]</varname>
have been added. These are corresponding to the kernel options
<literal>COMPAT_FREEBSD[456]</literal>.</para>
<sect3 id="boot">
<title>Boot Loader Changes</title>
<para role="8.0">The <application>boot0</application> boot
loader now preserves volume ID at offset
0x1b8 used in other operating systems </para>
<para role="8.0">The &man.boot0cfg.8; utility now supports a
new <option>-i</option> option to set the volume ID.</para>
<para role="7.2">The &man.boot.8; now supports 4-byte volume ID that
certain versions of &windows; put into the MBR and invoking
PXE by pressing the F6 key on some supported BIOSes.</para>
<para role="7.2" arch="i386">The &man.boot.8; BTX loader has been
improved. This fixes several boot issues on recent machines
reported for 7.1-RELEASE and before.</para>
<para role="7.2">The &man.loader.8; is now able to obtain DHCP options
from network boot via &man.kenv.2; variables.</para>
<para role="7.2">A bug in the &man.loader.8; has been fixed. Now the
following line works as expected:</para>
<programlisting>loader_conf_files="<replaceable>foo</replaceable> <replaceable>bar</replaceable> ${<replaceable>variable</replaceable>}"</programlisting>
<para role="7.1" arch="amd64,i386">The BTX kernel used by the boot
loader has been changed to invoke BIOS routines from real
mode. This change makes it possible to boot &os; from USB
devices.</para>
<para role="7.1" arch="amd64,i386">A new gptboot boot loader has
been added to support booting from a GPT labeled disk. A
new <command>boot</command> command has been added to
&man.gpt.8;, which makes a GPT disk bootable by writing the
required bits of the boot loader, creating a new boot
partition if required.</para>
</sect3>
<sect3 id="proc">
<title>Hardware Support</title>
<para role="8.0">The &os; now includes experimental support
for &arch.mips; platform.</para>
<para role="8.0">The &man.acpi.4; subsystem now supports the System
Resource Affinity Table (SRAT) used to describe affinity
relationships between CPUs and memory, ACPI 3.0 fields in
the MADT including X2APIC entries and UIDs for local SAPICs, and
ACPI 3.0 flags in the FADT.</para>
<para role="8.0" arch="powerpc">The &man.cpufreq.4; framework now
supports PowerPC G5, along with a skeleton SMU driver in order to slew
CPU voltage during frequency changes.</para>
<para role="8.0">The sec(4) driver has been added to provide
support for the integrated security engine found in
Freescale system-on-chip devices.</para>
<para role="8.0">The &os; TTY layer has been replaced with a
new one which has better support for SMP and robust resource
handling. A tty now has own mutex and it is expected to
improve scalability when compared to the old implementation
based on the Giant lock.</para>
<para role="8.0" arch="amd64,i386">The &man.uart.4; driver is now the
default driver for serial port devices in favor of the
&man.sio.4; driver. Note that the device nodes have been
renamed from
<filename>/dev/cuad<replaceable>N</replaceable></filename> and
<filename>/dev/ttyd<replaceable>N</replaceable></filename> to
<filename>/dev/cuau<replaceable>N</replaceable></filename> and
<filename>/dev/ttyu<replaceable>N</replaceable></filename>.</para>
<important>
<para>Users who are upgrading will need to change their
kernel configurations and possibly also
<filename>/boot/loader.conf</filename> and
<filename>/boot/device.hints</filename>.</para>
</important>
<para role="8.0">The &os; USB subsystem has been reimplemented
to support modern devices and better SMP scalability. The
new implementation includes Giant-lock-free device drivers,
a Linux compatibility layer, &man.usbconfig.8; utility, full
support for split transaction and isochronous transaction,
and more. Device node names for USB devices are now in a
the form
of <filename>/dev/usb/<replaceable>bus</replaceable>.<replaceable>dev</replaceable>.<replaceable>endpoint</replaceable></filename>,
and <filename>/dev/usbctl</filename> is the master device
node. Note that the &man.ugen.4; driver has nodes for each device as <filename>/dev/ugen<replaceable>bus</replaceable>.<replaceable>dev</replaceable></filename> for backward compatibility.</para>
<para role="7.2" arch="sparc64">&os; now supports Ultra SPARC III
(Cheetah) processor family.</para>
<para role="7.2">The &man.acpi.4; subsystem now supports a &man.sysctl.8;
variable <varname>debug.batt.batt_sleep_ms</varname>. On
some laptops with smart batteries, enabling battery
monitoring software causes keystrokes from &man.atkbd.4; to
be lost. This sysctl variable adds a delay in millisecond
to the status checking code as a workaround.</para>
<para role="7.2">The &man.acpi.asus.4; driver now supports Asus A8Sr
notebooks.</para>
<para role="7.2" arch="powerpc">Support for the AltiVec, a floating point
and integer SIMD instruction set has been added.</para>
<para role="7.2">The &man.cpuctl.4; driver, which provides a special
device <filename>/dev/cpuctl</filename> as an interface to
the system CPU has been added. The &man.cpuctl.4;
functionality includes the ability to retrieve CPUID
information, read/write machine specific registers (MSR),
and perform CPU firmware updates.</para>
<para role="7.2">The &man.cpufreq.4; driver now supports an
<varname>hw.est.msr_info</varname> loader tunable. When
this is set to <literal>1</literal>, it attempts to build a
simple list containing just the high and low frequencies if
it cannot obtain a frequency list from either ACPI or the
static tables. This is disabled by default.</para>
<para role="7.2" arch="amd64,i386">CPU frequency change notifiers are now
disabled when the TSC is P-state invariant. Also, a new
loader tunable
<varname>kern.timecounter.invariant_tsc</varname> has been
added to force this behavior by setting it to
non-zero.</para>
<para role="7.2">The &man.atkbd.4; driver now disables the interrupt
handler which is called from the keyboard callback function
when polled mode is enabled. This fixes the problem of
duplicated/missing characters at the mountroot prompt on
multi CPU systems while &man.kbdmux.4; is enabled.</para>
<para role="7.2">In the &man.pci.4; subsystem INTx is now disabled when
MSI/MSIX is enabled. This change fixes interrupt storm
related issues.</para>
<para role="7.2" arch="sparc64">The schizo(4) driver for Schizo
Fireplane/Safari to PCI 2.1 and Tomatillo JBus to PCI 2.2
bridges has been added.</para>
<para role="7.2">The &man.u3g.4; driver for USB based 3G cards and
dongles including Vodafone Mobile Connect Card 3G, Qualcomm
CDMA MSM, Huawei E220, Novatel U740, Sierra MC875U, and more
has been added. This provides support for the multiple
USB-to-serial interfaces exposed by many 3G USB/PC Card
modems, and the device is accessed through the &man.ucom.4;
driver which makes it behave like a &man.tty.4;.</para>
<para role="7.2">The &man.sched.ule.4; scheduler now supports
the loader tunable
<varname>machdep.hyperthreading_enabled</varname> just like
&man.sched.4bsd.4;. Note that it cannot be modified at
run-time.</para>
<para role="7.1">The &man.cmx.4; driver, a driver for Omnikey CardMan 4040
PCMCIA smartcard readers, has been added.</para>
<para role="7.1" arch="sparc64">The &man.kbdmux.4; driver now
supports &arch.sparc64;. The &man.sunkbd.4; driver now
supports &man.atkbd.4; emulation like &man.ukbd.4;.</para>
<para role="7.1">The <filename>nvram(4)</filename> driver is now
MPSAFE.</para>
<para role="7.1">An option of the &man.puc.4;
driver, <literal>PUC_FASTINTR</literal>, is no longer
supported.</para>
<para role="7.1">The &man.psm.4; driver now attempts detection of Synaptics
touchpad before IntelliMouse. Some touchpads will pretend to
be IntelliMouse causing the IntelliMouse probe to work and the
Synaptics detection never to be done.</para>
<para role="7.1">The &man.uslcom.4; driver, a driver for Silicon
Laboratories CP2101/CP2102-based USB serial adapters, has been
imported from OpenBSD.</para>
<sect4 id="mm">
<title>Multimedia Support</title>
<para role="8.0">The &os; audio subsystem has been improved.
The changes include volume per channel, high quality
fixed-point band-limited SINC sampling rate converter,
bit-perfect mode, transparent/adaptive virtual channel,
and exclusive stream. For more details, see the
&man.snd.4; manual page.</para>
<para role="7.2">The &man.agp.4; driver now supports Intel G4X series
graphics chipsets.</para>
<para role="7.2">The Direct Rendering Manager
(<application>DRM</application>), a kernel module that
gives direct hardware access to DRI clients, has been
updated. Support for AMD/ATI r500, r600, r700, and IGP
based chips, XGI V3XE/V5/V8, and Intel i915 chipsets has
been improved.</para>
<para role="7.2">A new loader tunable <varname>hw.drm.msi</varname> has
been added to control if DRM uses MSI or not. This is set
to <literal>1</literal> (enabled) by default.</para>
<para role="7.2">The snd_au88x0(4) driver for Aureal Vortex
1/2/Advantage PCI has been removed because it has been
broken for a long time.</para>
<para role="7.2">The &man.snd.hda.4; driver has been updated. These
changes include support for multiple codecs per HDA bus,
multiple functional groups per codec, multiple audio
devices per functional group, digital (SPDIF/HDMI) audio
input/output, suspend/resume, and part of multichannel
audio.</para>
<para role="7.2">Note that due to added HDMI audio and
logical audio devices support, the updated driver often
provides several PCM devices. This means that in some
cases the system default audio device no longer
corresponds to the users's habitual audio connectors. In
such cases the default device can be specified in audio
applications' setup or defined globally via
<varname>hw.snd.default_unit</varname> sysctl variable, as
described in the &man.sound.4; manual page.</para>
<para role="7.1">The &man.agp.4; driver now supports the
Intel G33 and G45.</para>
<para role="7.1" arch="i386">The <filename>dpms(4)</filename> driver has
been added to use the VESA BIOS for DPMS during suspend and
resume.</para>
<para role="7.1">The <application>DRM</application> kernel driver now
supports i915 GME devices.</para>
</sect4>
<sect4 id="net-if">
<title>Network Interface Support</title>
<para role="8.0">The &man.bwi.4; driver has been added to
provide support for Broadcom BCM43xx IEEE 802.11b/g wireless
network interfaces.</para>
<para role="8.0" arch="sparc64">The &man.cas.4; driver has
been added to provide support for Sun Cassini/Cassini+ and
National Semiconductor DP83065 Saturn Gigabit Ethernet
devices.</para>
<para role="8.0">The &man.cxgbtool.8; now supports an
interactive mode for scripting of repeatedly performed
tasks.</para>
<para role="8.0">The &man.fxp.4; driver has been improved. Changes include:</para>
<itemizedlist>
<listitem>
<para role="8.0">The multicast filter re-programming
is now more robust.</para>
</listitem>
<listitem>
<para role="7.2">The checksum offload feature can be controlled by
&man.ifconfig.8; now.</para>
</listitem>
<listitem>
<para role="7.2">Rx checksum offload support for 82559 or later
controllers has been added.</para>
</listitem>
<listitem>
<para role="7.2">TSO (TCP Segmentation Offload) support for 82550
and 82551 controllers has been added.</para>
</listitem>
<listitem>
<para role="7.2">WoL (Wake on LAN) support for 82550, 82551, 82558,
and 82559-based controllers has been added. Note that
ICH based controllers are treated as 82559, and 82557,
earlier revisions of 82558, and 82559ER have no WoL
capability.</para>
</listitem>
<listitem>
<para role="7.2">VLAN hardware tag insertion/stripping support and
Tx/Rx checksum offload for VLAN frames support has
been added. Note that the VLAN hardware assistance is
available only on 82550 or 82551-based
controllers.</para>
</listitem>
</itemizedlist>
<para role="8.0">The &man.miibus.4; driver now supports
the Marvell 88E3016.</para>
<para role="8.0">The &man.msk.4; driver now supports Yukon
FE+ A0 including 88E8040, 88E8040T, 88E8048 and
88E8070.</para>
<para role="8.0">The &man.mwl.4; driver has been added to
provide support for Marvell 88W8363 IEEE 802.11n wireless
network devices.</para>
<para role="8.0">The &man.mxge.4; driver now supports some newer
revisions and 10GBASE-LRM and 10GBASE-Twinax media
types. The firmware version has been updated to 1.4.43.</para>
<para role="8.0">The &man.nge.4; driver has been improved and
now works on all platforms.</para>
<para role="8.0">The &man.uath.4; driver for USB wireless LAN
adapter based on Atheros AR5005UG and AR5005UX chipsets
has been added. The &man.uathload.8; utility, a firmware
loader for the Atheros USB wireless driver has also been
added.</para>
<para role="8.0">The &man.urtw.4; driver has been added to
provide support for Realtek RTL8187B/L USB IEEE 802.11b/g
wireless network devices.</para>
<para role="8.0">The &man.xl.4; driver now supports TX
checksum offload.</para>
<para role="7.2">The &man.ae.4; driver now supports WoL
(Wake on LAN).</para>
<para role="7.2" arch="amd64,i386">The &man.ale.4; driver is now
included in the <filename>GENERIC</filename>
kernel.</para>
<para role="7.2">The &man.ath.hal.4;, Atheros Hardware Access Layer,
has been updated to the open source version.</para>
<para role="7.2">The &man.axe.4; driver has been improved in
performance by eliminating extra context switches and now
supports the Apple USB Ethernet adapter.</para>
<para role="7.2">The &man.bce.4; driver's firmware has been updated to
the latest version (4.6.X).</para>
<para role="7.2">The ciphy(4) driver now supports Vitesse VSC8211
PHY.</para>
<para role="7.2">The &man.cxgb.4; driver has been updated to firmware
revision 4.7 and now supports hardware MAC
statistics.</para>
<para role="7.2">A bug in the &man.igb.4; driver, which prevented the
loader tunable <varname>hw.igb.ave_latency</varname> from
working, has been fixed.</para>
<para role="7.2">The &man.ixgbe.4; driver has been updated to
version 1.7.4.</para>
<para role="7.2">The &man.jme.4; driver now supports newer JMicron
JMC250/JMC260 revisions.</para>
<para role="7.2">The &man.msk.4; driver has been improved. An issue
which made it hang up in a certain condition has been
fixed. Hardware MAC statistics support has been added
and users can get the information via sysctl variables
named
<varname>dev.msk.<replaceable>N</replaceable>.stats</varname>.</para>
<para role="7.2">The &man.nfe.4; driver now supports hardware MAC
statistics.</para>
<para role="7.2">The &man.re.4; driver has been improved. It now
detects the link status. A new loader tunable
<varname>hw.re.prefer_iomap</varname> has been added, to
disable memory register mapping. This tunable is
<literal>0</literal> for all controllers except RTL8169SC
family.</para>
<para role="7.2">The &man.rl.4; driver has been improved. It now
detects the link status and a bug which prevented it from
working on systems with more than 4GB memory has been
fixed.</para>
<para role="7.2">A bug in &man.sis.4; on VLAN tagged frame handling has
been fixed.</para>
<para role="7.2">The &man.txp.4; driver now works on all supported
architectures. Support has been added for &man.altq.4;,
WoL, checksum offload when VLAN enabled, and link state
change handling has been improved, and new sysctl
variables
<varname>dev.txp.<replaceable>N</replaceable>.stats</varname>
for MAC statistics have been added. New sysctl variables
<varname>dev.txp.<replaceable>N</replaceable>.process_limit</varname>
has been added, to control how many received frames should
be served in Rx handler (set to 64 by default and valid
ranges are 16 to 128 in unit of frames). The firmware has
been updated to the latest version.</para>
<para role="7.1">The &man.ae.4; driver has been added to provide
support for the Attansic/Atheros L2 FastEthernet
controllers.</para>
<para role="7.1">The &man.jme.4; driver has been added to
provide support for PCIe adapters based on JMicron JMC250
gigabit Ethernet and JMC260 fast Ethernet controllers.</para>
<para role="7.1">The &man.age.4; driver has been added to
provide support for Attansic/Atheros L1 gigabit Ethernet
controller.</para>
<para role="7.1">The &man.malo.4; driver has been added to
provide support for Marvell Libertas 88W8335 based PCI network
adapters.</para>
<para role="7.1">The bm(4) driver has been added to
provide support for Apple Big Mac (BMAC) Ethernet controller,
found on various Apple G3 models.</para>
<para role="7.1">The et(4) driver has been added to
provide support for Agere ET1310 10/100/Gigabit Ethernet
controller.</para>
<para role="7.1">The &man.glxsb.4; driver has been added
to provide support for the Security Block in AMD Geode LX
processors.</para>
<para role="7.1">The &man.ale.4; driver has been added to provide support
for Atheros AR8121/AR8113/AR8114 Gigabit/Fast Ethernet controllers.
This driver is not enabled in <filename>GENERIC</filename>
kernels for this release.</para>
<para role="7.1">The &man.em.4; driver has been split into two drivers
with some common parts. The &man.em.4; driver will continue
to support adapters up to the 82575, as well as new
client/desktop adapters. A new &man.igb.4; driver
will support new server adapters.</para>
<para role="7.1">The &man.hme.4; driver has been improved.</para>
<para role="7.1">A bug in some of the &man.miibus.4; supported drivers that
IEEE 802.3 auto-negotiation was performed in a wrong order,
has been fixed. Now it chooses the correct technologies
supported by IEEE 802.3 in the order described in Annex
28B.3.</para>
<para role="7.1">A workaround has been added for a bug in TCP/UDP
hardware checksum offload of the &man.msk.4; driver for
short frames. Note that for frames that requires hardware
VLAN tag insertion, the checksum offload workaround does not
work due to changes of checksum offset in mbuf after the
VLAN tag. So disabling hardware checksum offload for the
VLAN interface is needed in such cases.</para>
<para role="7.1">The &man.ndis.4; NDIS miniport driver wrapper has been
improved.</para>
<para role="7.1">The &man.sf.4; driver has been improved and now supports
checksum offloading.</para>
<para role="7.1">The &man.stge.4; driver now supports WOL (Wake on
LAN).</para>
<para role="7.1">The &man.vr.4; driver has been improved.</para>
<para role="7.1" arch="amd64,i386"> The &man.wpi.4; driver has
been updated to include a number of stability fixes.</para>
</sect4>
</sect3>
<sect3 id="net-proto">
<title>Network Protocols</title>
<para role="8.0">The &os; netisr framework has been
reimplemented for parallel threading support. This is a
kernel network dispatch interface which allows device
drivers (and other packet sources) to direct packets to
protocols for directly dispatched or deferred processing.
The new implementation supports up to one netisr thread per
CPU, and several benchmarks on SMP machines show substantial
performance improvement over the previous version.</para>
<para role="8.0">A bug in the &man.gif.4; that EtherIP packets
sent by combination of &man.if.bridge.4; and &man.gif.4;
have a reversed version field has been fixed. If you need
to communicate with older &os; releases via EtherIP, use new
flags <literal>accept_rev_ethip_ver</literal>
and <literal>send_rev_ethip_ver</literal> to control
handling the reversed version field. These can be set by
&man.ifconfig.8 utility to &man.gif.4; interfaces. The
EtherIP implementation found on &os; 6.1, 6.2, 6.3, 7.0,
7.1, and 7.2 had an interoperability issue because it sent
the incorrect EtherIP packets and discarded the correct
ones. For more details, see &man.gif.4; manual page.</para>
<para role="8.0">The IGMPv3 and SSM (Source-Specific Multicast)
including IPv6 SSM and MLDv2 have been added. Although the
old KAME MLDv2 hooks have been replaced with the new
implementation, the related kernel programming interfaces have been
preserved.</para>
<para role="8.0">The multicast routing code has been improved
and the IPv4 and IPv6 support has been split.</para>
<para role="8.0">The &os; now supports the upcoming Wireless
Mesh standard, IEEE 802.11s. The current implementation is
based on the March 2009 D3.0 draft version.</para>
<para role="8.0">The wireless network support layer (net80211)
now uses pseudo-interfaces named as
<literal>wlan<replaceable>N</replaceable></literal> instead
of a device driver name like <literal>em0</literal>
directly. The
<literal>wlan<replaceable>N</replaceable></literal>
interface is created by &man.ifconfig.8; as an instance of
the parent interface and used for actual communication
similar to &man.vlan.4, IEEE 802.1Q VLAN network interface.
Note that multiple instances (to realize multiple BSSes with
a single AP device, for example) can be created if the
parent interface supports it. For more details, see
&man.ifconfig.8; manual page.</para>
<para role="8.0">The net80211 layer now supports TDMA for long
distance point-to-point links using &man.ath.4;
devices.</para>
<para role="8.0">An infrastructure for caching flows as a means
of accelerating L2 and L3 lookups has been added. This is
called <quote>flow table</quote> and enabled by default on
&arch.amd64 and &arch.i386; platforms. This also provides
stateful load balancing when used
with <literal>RADIX_MPATH</literal>
<para role="8.0">The &os; L2 address translation table has been
reimplemented to reduce lock contention on parallel
processing and simplify the routing logic. The new
implementation has L2 address translation tables for both
ARP (for IPv4) and NDP (for IPv6) which are separated from
the L3 routing tables, and supports flow table caches for both
the routing table and the L2 information. One of the
user-visible changes is that a concept of cloned route (a
route generated by an entry
with <literal>RTF_CLONING</literal> flag) is deprecated.
This means routing flags <literal>RTF_CLONING</literal>,
<literal>RTF_WASCLONE</literal>,
and <literal>RTF_LLINFO</literal> are obsolete.</para>
<para role="8.0">The &man.ipsec.4; subsystem now supports
NAT-Traversal (RFC 3948). This is disabled by default. To
enable this add the following kernel option and rebuild the
kernel:</para>
<programlisting>device crypto
options IPSEC
options IPSEC_NAT_T</programlisting>
<para role="7.2">IPv4 source address selection for unbound sockets has
been implemented as follows:</para>
<orderedlist>
<listitem>
<para>If we found a route, use the address corresponding
to the outgoing interface.</para>
</listitem>
<listitem>
<para role="7.2">Otherwise we assume the foreign address is reachable
on a directly connected network and try to find a
corresponding interface to take the source address
from.</para>
</listitem>
<listitem>
<para role="7.2">As a last resort use the default jail address.</para>
</listitem>
</orderedlist>
<para role="7.2">This also changes the semantics of selecting the IP for
processes within a &man.jail.8; as it now uses the same
logic as outside the &man.jail.8;.</para>
<para role="7.2">The TCP MD5 Signature Option (RFC 2385) for IPv6 has
been implemented in the same way it has been implemented for
IPv4.</para>
<para role="7.2">The &man.ng.netflow.4; Netgraph node now includes
support for generating egress netflow instead or in addition
to ingress. An <literal>NGM_NETFLOW_SETCONFIG</literal>
control message has been added to control the new
functionality.</para>
<para role="7.2">The &man.tap.4; Ethernet tunnel software network
interface now supports a new <literal>TAPGIFNAME</literal>
character device ioctl. This is a convenient shortcut to
obtain the network interface name using a file descriptor to
a character device.</para>
<para role="7.2">The &man.tap.4; now supports
<literal>SIOCSIFMTU</literal> ioctl to set a higher MTU than
1500 (ETHERMTU). This allows &man.tap.4; devices to be
added to the same bridge (which requires all interface
members to have the same MTU) with an interface configured
for jumbo frames.</para>
<para role="7.2">The domains list for handling the list of supported
domains in the &man.unix.4; (UNIX domain protocol family)
subsystem is now MPSAFE.</para>
<para role="7.1">The &man.arp.8; utility now
supports <literal>reject</literal>
and <literal>blackhole</literal> keywords. In the entry
marked as <literal>reject</literal>, traffic to the host will
be discarded and the sender will be notified the host is
unreachable. In the entry marked as <literal>blackhole</literal>,
traffic is discarded but the sender is not notified.</para>
<para role="7.1">The &man.bpf.4; now supports an
ioctl <literal>BIOCSETFNR</literal>. This is just like
<literal>BIOCSETF</literal>, but it does not drop all the
packets buffered on the descriptor and reset the
statistics.</para>
<para role="7.1">The &man.if.bridge.4; interface can limit the
number of source MACs that can be behind a bridge interface
via <literal>ifmaxaddr</literal> parameter of
&man.ifconfig.8;.</para>
<para role="7.1">A bug in the &man.carp.4; interface configuration which
leads to a system panic has been fixed.</para>
<para role="7.1">The &man.dummynet.4; subsystem now supports
<literal>fast</literal> mode operation which allows certain
packets to bypass the dummynet scheduler. This can achieve
lower latency and lower overhead when the packet flow is under
the pipe bandwidth, and eliminate recursion in the subsystem.
The new sysctl variable
<varname>net.inet.ip.dummynet.io_fast</varname> has been
added to enable this feature.</para>
<para role="7.1">The &man.enc.4; interface now supports sysctl
variables to control whether the firewalls or &man.bpf.4;
will see inner and outer headers or just inner or outer
headers for incoming and outgoing IPsec packets.</para>
<para role="7.1">The &man.gre.4; now supports
ioctls <literal>GRESKEY</literal>
and <literal>GREGKEY</literal> which allows set or get GRE
key used for outgoing packets.</para>
<para role="7.1">A bug in the &man.ipsec.4; subsystem that PMTU was broken
in those cases when there was a route with a lower MTU than
the MTU of the outgoing interface, has been fixed.</para>
<para role="7.1">The netatm subsystem has been removed due to
lacking multiprocessor support.</para>
<para role="7.1">The &man.ng.nat.4; now supports redirect functionality
in <filename>libalias</filename>. For more details, see the
manual page.</para>
<para role="7.1">The &man.ng.pptpgre.4; now supports multiple hooks like
&man.ng.l2tp.4;, to use one pair of pptpgre and ksocket nodes for all
calls between two peers.</para>
<para role="7.1">The &man.resolver.3; now allows underscore in domain
names. Although this is a violation of RFC 1034 [STD 13], it is
accepted by certain name servers as well as other popular operating
systems' resolver library.</para>
<para role="7.1">A socket option <literal>TCP_CONGESTION</literal> for TCP
sockets has been added. This is for setting and retrieving the
congestion control algorithm. The name used is to allow
compatibility with Linux.</para>
<para role="7.1">The &man.rwlock.9; has been used throughout
the <varname>inpcbinfo</varname> and <varname>inpcb</varname>
infrastructure, and protocols that depend on that
infrastructure, including UDP, TCP, and IP raw sockets to
reduce the lock contentions.</para>
<para role="7.1">The &os; now supports multiple routing tables. To
enable this, the following steps are needed:</para>
<itemizedlist role="7.1">
<listitem>
<para>Add the following kernel configuration option and
rebuild the kernel. The <literal>2</literal> is the number
of FIB (Forward Information Base, synonym for a routing
table here). The maximum value is 16.</para>
<programlisting>options ROUTETABLES=2</programlisting>
<para>The procedure for rebuilding the &os; kernel is
described in the <ulink
url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html#AEN30408">&os;
Handbook</ulink>.</para>
<para>This number can be modified on boot time. To do so, add
the following to <filename>/boot/loader.conf</filename> and
reboot the system:</para>
<programlisting>net.fibs=6</programlisting>
</listitem>
<listitem>
<para>Set a loader tunable <varname>net.my_fibnum</varname> if
needed. This means the default number of routing tables.
If not specified, <literal>0</literal> will be used.</para>
</listitem>
<listitem>
<para>Set a loader tunable
<varname>net.add_addr_allfibs</varname> if needed. This
enables to add routes to all FIBs for new interfaces by
default. When this is set to <literal>0</literal>, it will
only allocate routes on interface changes for the FIB of the
caller when adding a new set of addresses to an interface.
Note that this tunable is set to <literal>1</literal> by
default.</para>
</listitem>
</itemizedlist>
<para>To select one of the FIBs, the new &man.setfib.1; utility
can be used. This set an associated FIB with the process. For
example:</para>
<screen>&prompt.root; setfib -3 ping target.example.com</screen>
<para>The FIB #3 will be used for the &man.ping.8; command.</para>
<para>The FIB which the packet will be associated with will be
determined in the following rules:</para>
<itemizedlist role="7.1">
<listitem>
<para>All packets which have a FIB associated with them will
use the FIB. If not, FIB #0 will be used.</para>
</listitem>
<listitem>
<para>A packet received on an interface for forwarding uses
FIB #0.</para>
</listitem>
<listitem>
<para>A TCP listen socket associated with an FIB will generate
accept sockets which are associated with the same FIB.</para>
</listitem>
<listitem>
<para>A packet generated in response to other packet uses the
FIB associated with the packet being responded to.</para>
</listitem>
<listitem>
<para>A packet generated on tunnel interfaces such as
&man.gif.4; and &man.tun.4; will be encapsulated using the
FIB of the process which set up the tunnel.</para>
</listitem>
<listitem>
<para>Routing messages will be associated with the process's
FIB.</para>
</listitem>
</itemizedlist>
<para>Also, the &man.ipfw.8; now supports an action rule
<literal>setfib</literal>. The following action:</para>
<programlisting>setfib <replaceable>fibnum</replaceable></programlisting>
<para>will make the matched packet use the FIB specified in
<replaceable>fibnum</replaceable>. The rule processing
continues at the next rule.</para>
</sect3>
<sect3 id="disks">
<title>Disks and Storage</title>
<para role="8.0">The &os; CAM SCSI subsystem (&man.cam.4;) now
includes experimental support for ATA/SATA/AHCI-compliant
devices. This is disabled by default. To enable this,
adding the following kernel options to your kernel
configuration file and rebuild the kernel:</para>
<programlisting>device ahci
device siis</programlisting>
<para role="8.0">The current implementation supports
AHCI-compliant controllers and SiliconImage
SiI3124/SiI3132/SiI3531 controllers. The device node of an
ATA drive is <literal>ada</literal> and an ATAPI
drive is <literal>cd</literal>.</para>
<para role="8.0">The &os; iSCSI initiator implementation has
been improved and supports IPv6.</para>
<para role="8.0">A userland utility &man.mfiutil.8; for the
&man.mfi.4; devices has been added. This includes basic
features to monitor controller, array, and drive status,
change basic attributes, create/delete arrays and spares,
and flush the controller firmware. Note that this is a
small utility, not a replacement of MegaCLI in the Ports
Collection which is supported officially and provides more
functionality.</para>
<para role="8.0">A userland utility &man.mptutil.8; for the
&man.mpi.4; devices has been added. This includes basic
features to monitor controller, array, and drive status,
change basic attributes, and create/delete arrays and
spares.</para>
<para role="8.0">The &man.siis.4; driver has been added to
provide support for SiliconImage SiI3124/3132/3531 SATA2
controllers. It supports Serial ATA and ATAPI devices, port
multipliers (including FIS-based switching), hardware
command queues (31 commands per port) and Native Command
Queuing.</para>
<para role="7.2">The &man.ata.4; driver now supports Marvell PATA M88SX6121.</para>
<para role="7.2">The &man.ata.4; driver now recognizes nForce MCP67 and
MCP73 SATA controllers as AHCI.</para>
<para role="7.2">The &man.ataraid.4; driver now includes preliminary support
for DDF metadata found on Adaptec HostRAID controllers.
Note that spares and rebuilds are not supported yet.</para>
<para role="7.2">The &man.cam.4; SCSI subsystem now supports a new sysctl
variable <varname>kern.cam.cd.retry_count</varname>. This
controls the number of retries for the CD media. When
trying to read scratched or damaged CDs and DVDs, the
default mechanism is sub-optimal, and programs like
<application>ddrescue</application> do much better if you
turn off the retries entirely since their algorithms do it
by themselves. This value is set to <literal>4</literal>
(for a total of 5 attempts) by default. Setting it to
<literal>0</literal> turns off all retry attempts.</para>
<para role="7.2">A bug in the &man.ciss.4; driver which caused low
<quote>max device openings</quote> count and led to poor
performance has been fixed.</para>
<para role="7.2">The &man.glabel.8; GEOM class now supports a new
UFS-based label called <literal>ufsid</literal> that can be
used to reference UFS-carrying devices by the unique file
system ID. This file system ID is automatically generated
and detected when the &man.glabel.8; GEOM class is enabled. An
example of this new label is:
<filename>/dev/ufsid/48e69c8b5c8e1b43</filename>. The
benefit of using GEOM labels in general is to avoid problems
of device renaming when shifting drives or
controllers.</para>
<para role="7.2">The &man.gjournal.8; GEOM class now supports the root
file system. Previously, an unclean shutdown would make it
impossible to mount the root file system at boot.</para>
<para role="7.2">The &man.gpart.8; utility has been updated. The APM
scheme now supports Tivo Series 1 partitions (read only), a
new EBR scheme to support Extended Boot Records has been
added, the BSD scheme now support bootcode, and bugs in the
PC98 and VTOC8 schemes have been fixed.</para>
<para role="7.2">An issue in &man.gvinum.8; with access permissions
to underlying disks used by a gvinum plex has been fixed.
If the plex is a raid5 plex and is being written to, parity data might
have to be read from the underlying disks, requiring them to be opened for
reading as well as writing.</para>
<para role="7.2">The &man.hptmv.4; driver has been updated to version
1.16 from HighPoint.</para>
<para role="7.2">The &man.mmc.4; and &man.mmcsd.4; drivers now support MMC
and SDHC cards, high speed timing, wide bus, and multiblock
transfers.</para>
<para role="7.2" arch="sparc64">The &man.mpt.4; driver is now in the
<filename>GENERIC</filename> kernel.</para>
<para role="7.2">The &man.sdhci.4; driver has been added. This supports
PCI devices with class 8 and subclass 5 according to the SD
Host Controller Specification.</para>
<para role="7.2">The &man.sdhci.4; driver now supports kernel dumping and
a sysctl variable <varname>hw.sdhci.debug</varname> for debug
level.</para>
<para role="7.2">The &man.twa.4; driver now supports 64-bit DMA.</para>
<para role="7.2">The &man.mmc.4; &man.mmcsd.4;, and &man.sdhci.4; driver
are now included as kernel modules.</para>
<para role="7.1">The &man.aac.4; driver now supports 64-bit array support
for RAIDs larger than 2TB and simultaneous opens of the device
for issuing commands to the controller.</para>
<para role="7.1">The &man.ata.4; driver now supports a loader variable
<varname>hw.ata.ata_dma_check_80pin</varname>. This can be
used to disable the 80pin cable check on broken systems such
as certain laptops and Soekris boards. The default value is
<literal>1</literal>.</para>
<para role="7.1">A data corruption problem of the &man.ata.4; driver on
ServerWorks HT1000 chipsets has been fixed.</para>
<para role="7.1">The &man.ciss.4; driver now supports a loader tunable
<varname>hw.ciss.nop_message_heartbeat</varname> for
NOP-message polling in <function>ciss_periodic()</function>.
This can be used as a workaround for
<literal>ADAPTER HEARTBEAT FAILED</literal> issue.
The default value is <literal>0</literal> (disabled).</para>
<para role="7.1">The <filename>geom_part</filename> GEOM class can be built
as a kernel module.</para>
<para role="7.1">The <filename>geom_linux_lvm</filename> GEOM class can be
built as a kernel module.</para>
<para role="7.1">The &man.hptrr.4; driver has been updated to version 1.2
from Highpoint.</para>
<para role="7.1">A buffer overflow in the &man.iir.4; driver has been
fixed. This likely fixes a great number of weird problems
that have been reported with this driver.</para>
<para role="7.1">The &man.mpt.4; driver now supports <literal>mpt_user</literal>
personality.</para>
<para role="7.1">The &man.rr232x.4; driver has been superseded by
&man.hptrr.4; driver.</para>
<para role="7.1">The &man.twa.4; driver has been improved with regard to
stability on machines with a plenty of memory and high CPU
load.</para>
</sect3>
<sect3 id="fs">
<title>File Systems</title>
<para role="8.0"><quote>dangerously dedicated</quote> mode for
the UFS file system is no longer supported.</para>
<important>
<para>Such disks will need to be reformatted to work with
this release.</para>
</important>
<para role="8.0">The &man.gvinum.8; now supports commands
found in the old vinum implementation including
<command>attach</command>, <command>detach</command>,
<command>start</command>, <command>stop</command>,
<command>concat</command>, <command>mirror</command>,
<command>stripe</command>, and
<command>raid5</command>.</para>
<para role="8.0">The &man.gvinum.8; now
supports <literal>grow</literal> command to make it easier
for users to extend plexes without having to understand all
of the implementation internals.</para>
<para role="8.0">The &os; NFS subsystem now
supports <literal>RPCSEC_GSS</literal> authentication on
both the client and server. This replaces the RPC
implementation of the NFS client and server with the newer
RPC implementation originally developed to support the NFS
Lock Manager. It supports both the new RPC implementation
and the older legacy implementation inherited from the
original NFS codebase and the default is to use the new one.
To use <literal>RPCSEC_GSS</literal> on either client or
server, you must build a kernel which includes
the <literal>KGSSAPI</literal> option and the &man.crypto.4;
device. For more details, see &man.gssd.8; manual
page.</para>
<para role="8.0">The &os; NFS subsystem now includes a new,
experimental implementation with support for NFSv2, NFSv3, and
NFSv4. This is not enabled by default. To enable this, add
the following kernel options to your kernel configuration
file and rebuild the kernel:</para>
<programlisting role="8.0">options NFSCL # for NFS client
options NFSD # for NFS server</programlisting>
<para role="8.0">The fstype for &man.mount.8; program is
<literal>newnfs</literal>, and &man.mount.newnfs.8; program
has also been added. The old, unmaintained NFSv4 client
based on an implementation from the University of Michigan was
removed from the &os; source tree.</para>
<para role="8.0">The &os; NFS subsystem now uses TCP as the
default transport.</para>
<para role="8.0">The shared vnode locking for pathname lookups
in the &man.VFS.9; subsystem has been improved. This is
enabled by default. Setting a sysctl variable
<varname>vfs.lookup_shared</varname> to <literal>0</literal>
disables it. Note that the
<literal>LOOKUP_SHARED</literal> kernel option equivalent to
the sysctl variable has been removed.</para>
<para role="8.0">The <application>ZFS</application> file system
has been updated to version 13. The changes include ZFS
operations by a regular user, L2ARC, ZFS Intent Log on
separated disks (slog), sparse volumes, and so on.</para>
<para role="7.2">The semantics of &man.acl.3; extended access control
lists has been changed as follows:</para>
<itemizedlist role="7.2">
<listitem>
<para>The inode modification time (mtime) is not updated
when extended attributes are added, modified, or removed.</para>
</listitem>
<listitem>
<para>The inode access time (atime) is not updated
when extended attributes are queried.</para>
</listitem>
</itemizedlist>
<para role="7.2">The &os; NFS file system now supports a sysctl variable
<varname>vfs.nfs.prime_access_cache</varname> to determine
whether or not <function>nfs_getattr()</function> will use
an ACCESS RPC to prime the access cache instead of a simple
GETATTR RPC. This is because on many NFS servers an ACCESS
RPC is much more expensive to service than a GETATTR RPC for
files in an NFSv3 mount. The sysctl variable is enabled by
default to maintain the previous behavior.</para>
<para role="7.2">The &os; UDF file system now supports a fifo.</para>
<para role="7.1">The &man.fdescfs.5; is now MPSAFE.</para>
<para role="7.1">The &man.gpart.8; now supports BSD disklabels (option
<literal>GEOM_PART_BSD</literal>) and
VTOC8 disklabels (option
<literal>GEOM_PART_VTOC8</literal>).</para>
<para role="7.1">The &man.gvinum.8; now accepts <replaceable>volume</replaceable>
parameter when creating a plex.</para>
<para role="7.1">A pathname lookup bug of a UNIX domain socket in the
<filename>unionfs(7)</filename> has been fixed.</para>
</sect3>
</sect2>
<sect2 id="userland">
<title>Userland Changes</title>
<para role="8.0">The GCC stack protection (also known as
ProPolice) has been enabled in the &os; base system.</para>
<para role="8.0">A BSD-licensed &man.ar.1; utility has been added
in favor of one in <application>GNU binutils</application> and
it is now the default utility for building the &os; base
system.</para>
<para role="8.0">The &man.awk.1; utility now supports 64 files.
The upper limit was 20 in prior releases.</para>
<para role="8.0">The &man.bsnmpd.1; program now supports OIDs
for ZFS.</para>
<para role="8.0">The &man.camcontrol.8; program now supports a
new modularized ATA kernel module and various ATA
commands.</para>
<para role="8.0">The &man.cat.1; and &man.cp.1; now use a larger
buffer if the number of pages of the physical memory on the
system is grater than 32k. This reduces the number of context
switches.</para>
<para role="8.0">A new BSD-licensed &man.cpio.1; utility has been
added in favor of <application>GNU cpio</application> and it
is now the default utility in the &os; base system.</para>
<para role="8.0">A script for the &man.crashinfo.8; utility for
simple analysis of crash dump has been added. It generates a
text file containing the output of several commands run against
the core dump such as &man.kgdb.1; (stack trace), &man.ps.1;,
&man.netstat.1;,
&man.vmstat.8;,
&man.iostat.8;,
&man.dmesg.8;,
and
&man.fstat.1;.</para>
<para role="8.0">The &man.df.1; utility's <option>-h</option>
flag now supports displaying inode counts in a human-readable
format when a flag <option>-i</option> is specified.</para>
<para role="8.0">The &man.df.1; utility now supports
a <option>-T</option> flag to display file system type in each
entry.</para>
<para role="8.0">A bug in the &man.dhclient.8; that can create a
malformed <filename>/etc/resolv.conf</filename> has been
fixed.</para>
<para role="8.0">The &man.dhclient.8; now uses an
<option>-n</option> flag when invoking &man.route.8; command.
This eliminates a long delay in the case that it gets a lease
but DNS service is not working.</para>
<para role="8.0">The &man.dhclient.8; utility now
uses <literal>68</literal> (bootpc) as the source port for
unicast <literal>DHCPREQUEST</literal> packets instead of
allowing the protocol stack to pick a random source port.
This fixes the behavior where &man.dhclient.8; would never
transition from <literal>RENEWING</literal>
to <literal>BOUND</literal> without going
through <literal>REBINDING</literal> in some networks which
has a tight policy on DHCP spoofing.</para>
<para role="8.0">The &man.env.1; utility now supports a
<option>-u <replaceable>name</replaceable></option> option
that completely unsets the given name instead of setting it to
a null value.</para>
<para role="8.0">The &man.find.1; utility now supports a number
of primaries found in <application>GNU find</application>
including <option>-ignore_readdir_race</option>,
<option>-noignore_readdir_race</option>,
<option>-noleaf</option>, <option>-gid</option>,
<option>-uid</option>, <option>-wholename</option>,
<option>-iwholename</option>, <option>-mount</option>,
<option>-d</option>, <option>-lname</option>,
<option>-ilname</option>, <option>-quit</option>,
<option>-samefile</option>, and <option>-true</option>.</para>
<para role="8.0">The &man.fsck.8; utility now supports a
<option>-r</option> flag to free up excess unused inodes.
Decreasing the number of preallocated inodes reduces the
running time of future runs of fsck and frees up space that
can allocated to files. This flag is ignored when running in
preen mode.</para>
<para role="8.0">The &man.freebsd-update.8; now supports backing
up the old kernel when installing a new kernel. The backup
kernel will be written
to <filename>/boot/kernel.old</filename> if the directory does
not exist or the directory was created by freebsd-update in a
previous backup. Otherwise the &man.freebsd-update.8; will
generate a new directory name for use by the backup. This is
enabled by default.</para>
<para role="8.0">The &man.gpt.8; program has been removed in
favor of &man.gpart.8;.</para>
<para role="8.0">The &man.gzip.1; utility now supports
uncompressing files which are created
by <application>pack</application> found in some commercial
UNIX-like systems.</para>
<para role="8.0">The &man.i2c.8; utility for diagnostics of I2C has
been added.</para>
<para role="8.0">The &man.ifconfig.8; now
supports <option>vnet</option> and <option>-vnet</option>
option to allow moving interfaces between jails with
vimage.</para>
<para role="8.0">A BSD-licensed <filename>libdwarf</filename>
library has been added for DTrace clients.</para>
<para role="8.0">The <filename>libmsun</filename> library now supports
<function>acosl()</function>,
<function>asinl()</function>,
<function>atanl()</function>,
<function>atan2l()</function>,
<function>cargl()</function>,
<function>csqrtl()</function>,
<function>fmodl()</function>,
<function>hypotl()</function>,
and
<function>remquol()</function>
functions.</para>
<para role="8.0">The <filename>libproc</filename>
library has been added for DTrace clients.</para>
<para role="8.0">The &man.mtest.8; utility now supports IPv6.</para>
<para role="8.0">The &man.mount.8; program now supports
an <option>-o
mountprog=<replaceable>filename</replaceable></option> option
to allow an alternative program to be used for mounting a file
system. This is useful for non-&man.nmount.2; based file
systems such as FUSE.</para>
<para role="8.0">The &man.nfscbd.8;, &man.nfsuserd.8;,
&man.nfsdumpstate.8;, and &man.nfsrevoke.8; utilities for the
new NFSv4 subsystem has been added.</para>
<para role="8.0">The &man.pmcannotate.8; utility has been added.
This prints out sources of a tool (in C or assembly) with
inlined profiling informations retrieved by a prior
&man.pmcstat.8; analysis.</para>
<para role="8.0">The &man.route.8; utility now
supports <command>show</command>,
<command>weights</command>, and <command>sticky</command>
commands. For more details, see the &man.route.8; manual
page.</para>
<para role="8.0">The &man.rtld.1; now supports a new
environment variable <varname>LD_ELF_HINTS_PATH</varname> for
overriding the rtld hints file. This environment variable
would be ignored if the process uses setuid and/or setgid.
This feature gives a convenient way to use a custom set of
shared library that is not in the default location.</para>
<para role="8.0">The &man.rtld.1; now supports the dynamic
string token substitution in the rpath and soneeded pathes. The
<varname>$ORIGIN</varname>,
<varname>$OSNAME</varname>,
<varname>$OSREL</varname>
and <varname>$PLATFORM</varname>
tokens are supported. Enabling
the substitution requires <literal>DF_ORIGIN</literal>
flag in <literal>DT_FLAGS</literal> or
<literal>DF_1_ORIGIN</literal> if
<literal>DF_FLAGS_1</literal>, that may be set
with <option>-z</option> origin <application>GNU
ld</application> flag. This translation is unconditionally
disabled for setuid/setgid processes.
The <varname>$ORIGIN</varname> translation relies on
the <literal>AT_EXECPATH</literal> auxinfo supplied by the
&os; kernel.</para>
<para role="8.0">It is no longer possible to create UFS
filesystems in <quote>dangerously dedicated</quote> mode using
&man.sysinstall.8; since this mode is no longer supported.</para>
<para role="8.0">&man.sysinstall.8; menus have been simplified
to reduce confusion and duplication with other parts of the
system. The <application>Xorg</application> window system
should be installed just like any other package.
Configuration of <application>Linux</application> and
<application>OSF/1</application> emulation should be done via
kernel rebuilds. Support for installation from tape media was
removed as it was believed to be broken. Obsolete code to
support <literal>OLDCARD</literal> was also
removed.</para>
<para role="8.0">&man.sysinstall.8; now understands how to use
unsliced USB drives as installation source media via
<filename>/dev/da<replaceable>X</replaceable><replaceable>a</replaceable></filename></para>
<para role="8.0">&man.sysinstall.8; now recognizes the new
<filename>/dev/ada<replaceable>X</replaceable></filename> disk
devices, if compiled into the kernel.</para>
<para role="8.0">&man.sysinstall.8; now uses the
<filename>freebsd-doc-<replaceable>*</replaceable></filename>
packages for localized documents.</para>
<para role="8.0">&man.sysinstall.8; now ejects the CDROM after
installation if it was used as source media.</para>
<para role="8.0">The &man.traceroute.8; and &man.traceroute6.8;
now support an
<option>-a</option> flag to display AS number corresponding to
the lookup IP address on each hop. It will query the number to
WHOIS server specified in <option>-A</option> option. If
no <option>-A</option> is
specified, <hostid>whois.radb.net</hostid> will be used as the
default value.</para>
<para role="8.0">The &man.tzsetup.8; now supports
an <option>-s</option> flag to skip the question about
adjusting the clock to UTC.</para>
<para role="8.0">The &man.wake.8; utility, a tool to send Wake on
LAN frames to hosts on a local Ethernet network has been
added.</para>
<para role="8.0">The &man.ypserv.8; program now
supports <filename>shadow.byname</filename>
and <filename>shadow.byuid</filename> maps.</para>
<para role="7.2">A bug in the &man.atacontrol.8; utility, which prevents it
from working when <filename>/usr</filename> is not mounted or
invoked from <filename>/rescue</filename>, has been
fixed.</para>
<para role="7.2">The &man.btpand.8; daemon from NetBSD has been added.
This daemon provides support for Bluetooth Network Access
Point (NAP), Group Ad-hoc Network (GN) and Personal Area
Network User (PANU) profiles.</para>
<para role="7.2">The &man.cpucontrol.8; utility has been added to
control &man.cpuctl.4; pseudo-device.</para>
<para role="7.2">The &man.ncal.1; utility now supports multibyte
characters.</para>
<para role="7.2">The &man.newfs.8; utility now supports
operations on a regular file.</para>
<para role="7.2">The &man.config.8; utility now supports
multiple <varname>makeoption</varname> lines.</para>
<para role="7.2">The &man.csup.1; utility now supports CVSMode to fetch a
complete CVS repository. Note that the rsync transfer mode is
currently disabled.</para>
<para role="7.2">The &man.dirname.1; utility now accepts multiple arguments
in the same way that &man.basename.1; does.</para>
<para role="7.2">The &man.du.1; utility now supports an <option>-l</option>
flag. When specified, the &man.du.1; utility counts a file
with multiple hard links as multiple different files.</para>
<para role="7.2">The &man.du.1; utility now supports an <option>-A</option> flag
to display the apparent size instead of the disk usage. This can be
helpful when operating on compressed volumes or sparse files.</para>
<para role="7.2">The &man.du.1; utility now supports a <option>-B
<replaceable>blocksize</replaceable></option> option to
calculate block counts in blocks of
<replaceable>blocksize</replaceable> bytes. This is different
from the <option>-k</option> or <option>-m</option> options or
setting <varname>BLOCKSIZE</varname> and gives an estimate of
how much space the examined file hierarchy would require on a
file system with the given
<replaceable>blocksize</replaceable>. Unless in
<option>-A</option> mode, <replaceable>blocksize</replaceable>
is rounded up to the next multiple of 512.</para>
<para role="7.2">The &man.dumpfs.8; utility now supports an
<option>-f</option> flag, which causes it to list all free
fragments in the file system by fragment (block) number. This
new mode does the necessary arithmetic to generate absolute
fragment numbers rather than the cg-relative numbers printed
in the default mode.</para>
<para role="7.2">If <option>-f</option> is passed once, contiguous fragment
ranges are collapsed into an X-Y format as free block lists
are currently printed in regular dumpfs output. If specified
twice, all block numbers are printed individually, allowing
both compact and more script-friendly representation.</para>
<para role="7.2">The &man.fetch.1; utility now supports an
<option>-i</option> flag which supports the If-Modified-Since
HTTP 1.1 request. If specified it will cause the file to be
downloaded only if it is more recent than the mtime of the
local file. Also, <application>libfetch</application> now
accepts the mtime in the url structure and a flag to indicate
when this behavior is desired.</para>
<para role="7.2">The &man.fsck.8; utility now supports a
<option>-C</option> flag for <literal>check clean</literal>
mode. This checks if the file system was dismounted cleanly
first and then skip file system checks if true. Otherwise it
does full checks.</para>
<para role="7.2">The &man.fsck.8; utility now supports a
<option>-D</option> flag for damaged recovery mode, which will
enable certain aggressive operations that can make
&man.fsck.8; to survive with file systems that has very
serious data damage. This is a useful last resort when on
disk data damage is very serious and causes &man.fsck.8; to
crash.</para>
<para role="7.2">The &man.getaddrinfo.3; function now supports SCTP.</para>
<para role="7.2">A bug was fixed in the &man.ipfw.8; utility which displays
extra messages for a NAT rule even when a <option>-q</option>
flag is specified.</para>
<para role="7.2">The &man.ln.1; utility now supports a <option>-w</option>
flag to check if the source file actually exists. When the
flag is specified and the file does not exist, &man.ln.1; will
issue a warning message.</para>
<para role="8.0">The &man.ln.1; utility now allows creating hard
links to symbolic links because the POSIX.1-2008 requires this
behavior for <option>-L</option> and <option>-P</option>
flag.</para>
<para role="8.0">The &man.lpr.1; utility now support
an <option>-m</option> flag to send an email after the job is
completed and a <option>-t</option> option to set the job
title.</para>
<para role="7.2">The &man.make.1; utility now supports a
<option>-p</option> flag to print the input graph only,
without executing any commands. The output is the same as
<option>-d g1</option>. When combined with <option>-f
/dev/null</option>, only the built-in rules of make are
displayed.</para>
<para role="7.2">The &man.make.1; utility now supports a
<option>-Q</option> flag to cause file banners not to be
generated in addition to the same effect of a
<option>-q</option> flag when a <option>-j</option> option is
specified.</para>
<para role="7.2">The &man.make.1; utility now supports the
<varname>.MAKE.JOB.PREFIX</varname> variable. If
<option>-j</option> and <option>-v</option> are specified, its
output for each target is prefixed with a token <literal>---
<replaceable>target</replaceable> ---</literal> the first part
of which can be controlled via the variable.</para>
<para role="7.2">The &man.make.1; utility now supports
<varname>.MAKE.PID</varname> and <varname>.MAKE.PPID</varname>
variable. These are set to process ID of the &man.make.1;
process and its parent process respectively.</para>
<para role="7.2">The &man.makefs.8; utility to create a file system image
from a directory tree has been added.</para>
<para role="7.2">The &man.mergemaster.8; utility now supports an
<option>-F</option> option to automatically install files that
differ only in their version control ID strings.</para>
<para role="7.2">The &man.mount.8; utility now supports an <option>-o
mountprog=<replaceable>/somewhere/mount_xxx</replaceable></option>
option to force it to use the specified program to mount the
file system instead of calling &man.nmount.2; directly. This
is useful when you want to use third party programs such as
FUSE, for example.</para>
<para role="7.2">The &man.netstat.1; utility now reports &man.unix.4;
sockets' listen queue statistics when an <option>-L</option>
flag is specified.</para>
<para role="7.2">A bug in the &man.netstat.1; utility has been fixed. It
crashed with the following options in the previous
versions:</para>
<screen role="7.2">&prompt.user; netstat -m -N foo</screen>
<para role="7.2">A bug in the &man.netstat.1; utility has been fixed. The
<option>-ss</option> option now works in the icmp6 section as
expected.</para>
<para role="7.2">The &man.pciconf.8; utility now supports a
<option>-b</option> flag, which lists any base address
registers (BAR) that are assigned resources for each
device.</para>
<para role="7.2">The &man.powerd.8; program has been improved. Changes
include reasonable CPU load estimation on SMP systems and a
new mode named as <literal>hiadaptive</literal> for AC-powered
systems. The <literal>hiadaptive</literal> mode raises the
CPU frequency twice as fast as <literal>adaptive</literal>, it
drops the CPU frequency 4 times slower, prefers twice lower
CPU load and has an additional delay before leaving the
highest frequency after the period of maximum load.</para>
<para role="8.0">The &man.revoke.1; utility has been added. This
is a wrapper of &man.revoke.2; syscall.</para>
<para role="7.2">The &man.stat.1; utility now displays an octal
representation of suid, sgid and sticky bits when the
<option>-x</option> flag is specified.</para>
<para role="7.2">The &man.strndup.3; function has been added.</para>
<para role="8.0">The &man.tftpd.8; program now supports
a <option>-W</option> option. This is almost the same as
a <option>-w</option> option but will generate unique named
based on the submitted filename, a &man.strftime.3; format
string, and a two digit sequence number. The time format
string can be set by an <option>-F</option> option.</para>
<para role="7.2">The &man.wc.1; utility now supports an <option>-L</option>
flag to output the number of characters in the longest input
line.</para>
<para role="7.2">A bug in the &man.rpc.yppasswdd.8; program, which causes
it to leave a zombie process when a password or default shell
is changed, has been fixed.</para>
<para role="7.1">The &man.adduser.8; utility now supports
a <option>-M</option> option to set the mode of a new user's
home directory.</para>
<para role="7.1">The &man.atacontrol.8; utility now supports
a <command>spindown</command> command to set or report timeout
after which the device will be spun down.</para>
<para role="7.1">The &man.chflags.1; now supports a <option>-v</option> flag for
verbose output, a <option>-f</option> flag to ignore errors,
and <option>-h</option> to allow setting flags on symbolic links
with the same semantics as (for example) &man.chmod.1;.</para>
<para role="7.1">The &man.cp.1; now supports a <option>-a</option> flag, which is
equivalent to <option>-RpP</option> flags.</para>
<para role="7.1">A bug in the &man.cp.1; utility which prevents POSIX.1e ACL (see
also &man.acl.3;) from copying properly has been fixed.</para>
<para role="7.1">The &man.cron.8; utility now supports <option>-m</option> flag which
overrides the default mail recipient for cron mails unless explicitly
provided by <literal>MAILTO=</literal> line in <filename>crontab</filename>
file.</para>
<para role="7.1">The &man.dhclient.8; now supports more options described in
&man.dhcp-options.5;.</para>
<para role="7.1">The &man.dhclient.8; now
supports <function>is_default_interface()</function> function
which determines if this interface is one with the default
route.</para>
<para role="7.1">A bug in the &man.dhclient.8; that prevents removal of the
default route from working has been fixed.</para>
<para role="7.1">The &man.environ.7;, environment array of strings now
supports unsetting a variable by setting the first character to
NULL. This is required by third-party software such as
<application>Dovecot</application>
and <application>Postfix</application>.</para>
<para role="7.1">The &man.fdisk.8; now supports a <option>-q</option> flag to
not display any warnings.</para>
<para role="7.1">The &man.fetch.1; program and <filename>libfetch</filename>
library now supports a <varname>NO_PROXY</varname> environment
variable. This specifies comma- or whitespace-separated list of
host names for which proxies should not be used. If a single
asterisk is specified, the use of proxies is disabled.</para>
<para role="7.1">The &man.ffsll.3; and &man.flsll.3; functions have been added.
These functions are the same as &man.ffs.3; and &man.fls.3; except that
they accept long long as the arguments.</para>
<para role="7.1">The &man.fortune.6; program now supports
<varname>FORTUNE_PATH</varname> environment variable to specify
search path of the fortune files.</para>
<para role="7.1">A bug in the &man.fortune.6; program that prevents
<option>-e</option> option with multiple files from working has
been fixed.</para>
<para role="7.1">The &man.freebsd-update.conf.5; now supports
<literal>IDSIgnorePaths</literal> statement.</para>
<para role="7.1">The &man.fwcontrol.8; utility now supports <option>-f
<replaceable>node</replaceable></option> option which specifies
<replaceable>node</replaceable> as the root node on the next bus
reset.</para>
<para role="7.1" arch="sparc64"> The &man.gcc.1; now
accepts <option>-mcpu</option> option properly; it was hardcoded
as <option>-mcpu=ultrasparc</option>.</para>
<para role="7.1">The &man.ifconfig.8; command now supports
display of WPS IE (Wireless Provisioning Services Information
Element).</para>
<para role="7.1">The &man.kgdb.1; command now supports
an <command>add-kld <replaceable>kld</replaceable></command>
command to locate a &man.kld.4; and load its symbols.</para>
<para role="7.1">The &man.kgdb.1; command now has a shared library backend for kernel
files that treats &man.kld.4; as shared libraries and
auto-loading symbols for &man.kld.4; on startup.</para>
<para role="7.1">The &man.kgdb.1; now supports a <command>tid</command> command
and other kernel module related commands even for a remote
target.</para>
<para role="7.1">The &man.kvm.getcptime.3; function to obtain the global CPU
time statistics from the kernel has been added.</para>
<para role="7.1">The <filename>libalias</filename> library now supports
<literal>PORT</literal> and
<literal>EPRT</literal>
FTP commands in lowercase.</para>
<para role="7.1">The &man.man.1; now includes a limited support of
&man.bzip2.1;-compressed manual pages.</para>
<para role="7.1">The &man.mdconfig.8; command now supports a
<option>-v</option> (verbose) flag to <option>-l</option>
command. It shows size and backing store of all &man.md.4;
devices at one time.</para>
<para role="7.1">The &man.memrchr.3; function has been added. This behaves
like &man.memchr.3; except that it locates the last occurrence
of the specified character in the string.</para>
<para role="7.1">The incorrect output grammar of &man.morse.6; program has
been fixed.</para>
<para role="7.1">The &man.mountd.8; utility now supports <option>-h
<replaceable>bindip</replaceable></option> option which
specifies IP addresses to bind to for TCP and UDP requests.
This option may be specified multiple times. If no
<option>-h</option> option is specified,
<literal>INADDR_ANY</literal> will be used. Note that when
specifying IP addresses with this option, it will
automatically add <literal>127.0.0.1</literal> and if IPv6 is
enabled, <literal>::1</literal> to the list.</para>
<para role="7.1">The &man.moused.8; utility now supports <option>-L</option>
flag which changes the speed of scrolling and changes
<option>-U</option> option behavior to only affect the scroll
threshold.</para>
<para role="7.1">The &man.mv.1; command now support POSIX
specification when moving a directory to an existing directory
across devices.</para>
<para role="7.1">The &man.periodic.8; now supports
<varname>daily_status_mail_rejects_shorten</varname>
configuration variable in &man.periodic.conf.5;. This allows
the rejected mail reports to tally the rejects per blacklist
without providing details about individual sender hosts. The
default configuration keeps the reports in their original
form.</para>
<para role="7.1">The &man.ping6.8; now uses exit status of
<literal>0</literal> and <literal>2</literal> in the same manner
as &man.ping.8;.</para>
<para role="7.1">The &man.ping6.8; now supports an <option>-o</option> flag,
which makes &man.ping6.8; exit successfully after receiving one
reply packet.</para>
<para role="7.1">The &man.ping6.8; now supports <option>-r</option>
and <option>-R</option> flags, which are equivalent to
&man.ping.8;'s <option>-a</option> and <option>-A</option>
flags, respectively.</para>
<para role="7.1">The minimum allowed interval of &man.ping6.8; has been
decreased to 0.000001 from 0.01.</para>
<para role="7.1">The &man.realpath.1; utility now supports
a <option>-q</option> flag to suppress warnings and
accepts multiple paths on its command line.</para>
<para role="7.1">The &man.rfcomm.pppd.8; now supports a <option>-D</option>
flag to register DUN (Dial-Up Networking) service in addition to
the LAN (LAN Access Using PPP) service.</para>
<para role="7.1">The &man.sdpd.8; now supports a <literal>NAP</literal>,
<literal>GN</literal>, and <literal>PANU</literal>
profiles.</para>
<para role="7.1">The &man.setkey.8; utility now accepts
<literal>esp</literal> as a protocol name
for the <command>spdadd</command> command.</para>
<para role="7.1">A bug in &man.telnetd.8; that caused it to
attempt authentication even when <option>-a off</option>
option is specified has been fixed.</para>
<para role="7.1">The &man.top.1; and &man.vmstat.8; commands now
support <option>-P</option> flag which displays per-CPU
statistics.</para>
<para role="7.1">The &man.uuid.enc.le.3;, &man.uuid.dec.le.3;,
&man.uuid.enc.be.3;, and &man.uuid.dec.be.3; functions have been
added. These functions encode/decode a binary representation of
a UUID.</para>
<para role="7.1">The &man.watch.8; utility now supports more than 10
&man.snp.4; devices at a time.</para>
<para role="7.1">The &man.ypserv.8; daemon now supports a
<option>-P</option> option to specify the port number on which
it should listen.</para>
<sect3 id="rc-scripts">
<title><filename>/etc/rc.d</filename> Scripts</title>
<para role="7.1">The &man.rc.conf.5; now supports
<varname>dummynet_enable</varname> variable which allow
&man.dummynet.4; kernel module to be loaded when
<varname>firewall_enable</varname> is <literal>YES</literal>.</para>
<para role="7.1">The <filename>ntpd</filename> &man.rc.8; script
can work with no configuration file
<filename>/etc/ntp.conf</filename> now.</para>
<para role="7.1">The <filename>ppp</filename> &man.rc.8;
script now supports multiple instances. For more details,
see the description of <varname>ppp_profile</varname>
variable in &man.rc.conf.5;.</para>
<para role="7.1">The <filename>sysctl</filename> &man.rc.8; script now
supports loading <filename>/etc/sysctl.conf.local</filename> in
addition to <filename>/etc/sysctl.conf</filename>.</para>
<para role="7.1">The &man.rc.conf.5; now supports configuration of
interfaces and attached networks for firewall rule set by
<filename>rc.firewall</filename> when
<varname>firewall_type</varname> is <literal>simple</literal> or
<literal>client</literal>. See
<varname>firewall_client_net</varname>,
<varname>firewall_simple_iif</varname>,
<varname>firewall_simple_inet</varname>,
<varname>firewall_simple_oif</varname>, and
<varname>firewall_simple_onet</varname>.</para>
</sect3>
</sect2>
<sect2 id="contrib">
<title>Contributed Software</title>
<para role="8.0"><application>ISC BIND</application> has been updated to
version 9.6.1rc1.</para>
<para role="8.0">The <application>ACPI-CA</application> has been
updated to 20090521.</para>
<para role="8.0">The <application>ee</application> (easy editor) has
been updated to 1.5.0. This version is now licensed under a
2-clause BSD license, instead of the Artistic license.</para>
<para role="8.0">The <application>hostapd</application> has been updated to
version 0.6.8 + radius ACL support.</para>
<para role="8.0">The <application>less</application> has been updated to
version v436.</para>
<para role="8.0">The <filename>libarchive</filename> library has
been updated to version 2.7.0.</para>
<para role="8.0">The <filename>libexpat</filename> library has
been updated from version 1.95.5 to version 2.0.1.</para>
<para role="8.0">The <filename>ncurses</filename> library has been updated
to version 5.7-20081102.</para>
<para role="8.0"><application>OpenBSM</application> 1.1 from
Trusted BSD Project has been merged.</para>
<para role="8.0"><application>TCPDUMP</application> has been
updated to 4.0.0.</para>
<para role="8.0">The timezone database has been updated
to the <application>tzdata2009f</application> release.</para>
<para role="8.0"><application>wpa_supplicant</application> has been updated to
version 0.6.8</para>
<para role="8.0">The <application>ZFS</application> file system
has been updated from version 6 to version 13.</para>
<para role="7.1">The <application>am-utils</application> has been updated from
version 6.0.10p1 to version 6.1.5.</para>
<para role="7.1">The <application>awk</application> has been updated from 1 May
2007 release to the 23 October 2007 release.</para>
<para role="7.1">The <application>bzip2</application> has been updated from
version 1.0.4 to version 1.0.5.</para>
<para role="7.1">The <application>CVS</application> has been updated to
version 1.11.22.1.</para>
<para role="7.1"><application>NTP</application> has been updated to version
4.2.4p5.</para>
<para role="7.1"><application>OpenPAM</application> has been updated from the
Figwort release to the Hydrangea release.</para>
<para role="7.1"><application>OpenSSH</application> has been updated from
version 4.5p1 to version 5.1p1.</para>
<para role="7.1">The &man.resolver.3; library has been updated to
one of <application>ISC BIND</application> 9.4.3.</para>
<para role="7.1"><application>sendmail</application> has been updated from
version 8.14.2 to version 8.14.3.</para>
</sect2>
<sect2 id="ports">
<title>Ports/Packages Collection Infrastructure</title>
<para role="7.2">A bug in the &man.pkg.create.1; utility, which
prevented the <option>-n</option> flag from working has been
fixed.</para>
<para role="7.2">The &os; Ports Collection now supports multiple
&man.make.1; jobs in some supported ports. This is
automatically enabled when a port is marked as
<varname>MAKE_JOBS_SAFE</varname> and improves CPU utilization
at the build stage by passing an option
<option>-j<replaceable>X</replaceable></option> to the top
level <filename>Makefile</filename> from the vendor. The
number <replaceable>X</replaceable> is set to the number of
CPUs by default, and can be set by users via a &man.make.1;
variable <varname>MAKE_JOBS_NUMBER</varname>. For more
details, see <filename>ports/Mk/bsd.port.mk</filename>.</para>
</sect2>
<sect2 id="releng">
<title>Release Engineering and Integration</title>
<para role="8.0">The supported version of
the <application>GNOME</application> desktop environment
(<filename role="package">x11/gnome2</filename>) has been
updated to 2.26.3.</para>
<para role="8.0">The supported version of
the <application>KDE</application> desktop environment
(<filename role="package">x11/kde4</filename>) has been
updated to 4.3.1.</para>
</sect2>
</sect1>
<sect1 id="upgrade">
<title>Upgrading from previous releases of &os;</title>
<para arch="amd64,i386">Upgrades between RELEASE versions (and
snapshots of the various security branches) are supported using
the &man.freebsd-update.8; utility. The binary upgrade
procedure will update unmodified userland utilities, as well as
unmodified GENERIC or SMP kernels distributed as a part of an
official &os; release. The &man.freebsd-update.8; utility
requires that the host being upgraded has Internet
connectivity.</para>
<para>An older form of binary upgrade is supported through the
<command>Upgrade</command> option from the main
&man.sysinstall.8; menu on CDROM distribution media. This type
of binary upgrade may be useful on non-&arch.i386;,
non-&arch.amd64; machines or on systems with no Internet
connectivity.</para>
<para>Source-based upgrades (those based on recompiling the &os;
base system from source code) from previous versions are
supported, according to the instructions in
<filename>/usr/src/UPDATING</filename>.</para>
<important>
<para>Upgrading &os; should, of course, only be attempted after
backing up <emphasis>all</emphasis> data and configuration
files.</para>
</important>
</sect1>
</article>
|