FreeBSD 8.4-RELEASE Release Notes The FreeBSD Project Copyright (c) 2013 The FreeBSD Documentation Project $FreeBSD: release/8.4.0/release/doc/en_US.ISO8859-1/relnotes/article.xml 251258 2013-06-02 16:21:02Z hrs $ FreeBSD is a registered trademark of the FreeBSD Foundation. IBM, AIX, EtherJet, Netfinity, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both. IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States. Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. SPARC, SPARC64, SPARCengine, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. SPARC International, Inc owns all of the SPARC trademarks and under licensing agreements allows the proper use of these trademarks by its members. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the "(TM)" or the "(R)" symbol. The release notes for FreeBSD 8.4-RELEASE contain a summary of the changes made to the FreeBSD base system on the 8.4-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. -------------------------------------------------------------- Table of Contents 1 Introduction 2 What's New 2.1 Security Advisories 2.2 Kernel Changes 2.2.1 Boot Loader Changes 2.2.2 Hardware Support 2.2.3 Network Protocols 2.2.4 Disks and Storage 2.2.5 File Systems 2.3 Userland Changes 2.3.1 /etc/rc.d Scripts 2.4 Contributed Software 2.5 Ports/Packages Collection Infrastructure 2.6 Release Engineering and Integration 3 Upgrading from previous releases of FreeBSD 1 Introduction This document contains the release notes for FreeBSD 8.4-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. This distribution of FreeBSD 8.4-RELEASE is a release distribution. It can be found at ftp://ftp.FreeBSD.org/ or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the "Obtaining FreeBSD" appendix to the FreeBSD Handbook. All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 8.4-RELEASE can be found on the FreeBSD Web site. -------------------------------------------------------------- 2 What's New This section describes the most user-visible new or changed features in FreeBSD since 8.3-RELEASE. Typical release note items document recent security advisories issued after 8.3-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. -------------------------------------------------------------- 2.1 Security Advisories Problems described in the following security advisories have been fixed. For more information, consult the individual advisories available from http://security.FreeBSD.org/. Advisory Date Topic SA-12:01.openssl 03 May 2012 OpenSSL multiple vulnerabilities SA-12:02.crypt 30 May 2012 Incorrect crypt() hashing Incorrect handling of SA-12:03.bind 12 June 2012 zero-length RDATA fields in named(8) SA-12:04.sysret 12 June 2012 Privilege escalation when returning from kernel SA-12:05.bind 06 August 2012 named(8) DNSSEC validation Denial of Service SA-12:06.bind 22 November 2012 Multiple Denial of Service vulnerabilities with named(8) Insufficient message length SA-12:07.hostapd 22 November 2012 validation for EAP-TLS messages SA-12:08.linux 22 November 2012 Linux compatibility layer input validation error SA-13:02.libc 19 February 2013 glob(3) related resource exhaustion SA-13:03.openssl 02 April 2013 OpenSSL multiple vulnerabilities SA-13:04.bind 02 April 2013 BIND remote denial of service SA-13:05.nfsserver 29 April 2013 Insufficient input validation in the NFS server -------------------------------------------------------------- 2.2 Kernel Changes A bug which could cause a kernel thread to have a wrong CPU affinity configuration has been fixed.[r232757] loader(8) environment variables comconsole_port and comconsole_pcidev have been added. The former allows to set the base address of the serial console I/O port. The later takes the string of the format bus:device:function:[bar] as a value and uses the serial port attached as PCI device at the specified location for console. Both variants pass hw.uart.console variable to the uart(4) driver to properly hand-over the kernel console.[r245847] A new loader(8) tunable hw.broken_txfifo has been added to enable workaround for old version of QEMU and Xen which have a buggy emulated UART.[r246626] The F_DUPFD_CLOEXEC command for fcntl(2) has been implemented. This is standardized in IEEE Std 1003.1-2008 (POSIX, Single UNIX Specification Version 4). In addition to this, F_DUP2FD_CLOEXEC has been implemented in analogy with F_DUP2FD.[r239860, r239861] The filemon(4) pseudo-device has been added. This allows a process to collect file operations data of its children.[r240707] A bug in VIMAGE jail(8) which could make the network subsystem run on an wrong vnet context has been fixed.[r233584] debug.kdb.break_to_debugger and debug.kdb.alt_break_to_debugger have been added as sysctl(8) variables and loader tunables. These are disabled by default and BREAK_TO_DEBUGGER and ALT_BREAK_TO_DEBUGGER kernel options now set them enabled. These changes allow GENERIC kernel to support break-to-debugger capability.[r235121] The FreeBSD sched_ule(4) scheduler has been improved in CPU selection on systems which support SMT (Symmetric MultiThreading, also known as HyperThreading on Intel CPUs). It now prefers a logical CPU when the the other logical CPUs on the physical one are idle, and an idle CPU in an SMT CPU group always has lower priority. The CPU load calculation for load balancing has also been improved to consider highest and lowest CPU load in comparison to differentiate load in CPU groups. This change gives 10-15% performance improvement in SMT CPUs such as Core i7.[r241246] The shm_map(9) and shm_unmap(9) functions have been added to allow in-kernel code to map portions of shared memory objects created by shm_open(2) into the kernel's address space.[r236684] A new sysctl(8) variable kern.stop_scheduler_on_panic has been added. When set to 1, only one thread runs uninterruptedly after a system panic and the other CPUs are stopped. The default value is 0.[r235502] The loader(8) tunables kern.maxtsiz, kern.dfldsiz, kern.maxdsiz, kern.dflssiz, kern.maxssiz, and kern.sgrowsiz are now writable sysctl(8) variables.[r240502] A bug that changes to a mapped file with the mmap(2) system call were not flushed properly under certain circumstances has been fixed. If a process has an NFS-backed file and adds changes to it, normally the changes are written into the backing store automatically. However, the NFS client recognized the modified parts are written successfully even when the write operation was failed for some reason such as permission denied.[r233765, r234094, r236150] -------------------------------------------------------------- 2.2.1 Boot Loader Changes [amd64, i386, pc98] A bug in FreeBSD boot block has been fixed. A pathname of the third stage loader (or kernel) in the boot.config(5) configuration file could not be recognized.[r233377, r234563] A bug in loader(8) which could prevents a UFS1 filesystem on big endian platforms from booting.[r232963] [sparc64] FreeBSD loader(8) now supports heap to show the heap usage.[r235998] The gptboot boot block now reads the backup GPT header from the last LBA only when the primary GPT header and tables are invalid. This mitigates interoperability issues with some geom(4) providers like MIRROR which use the last LBA for the metadata.[r234694] [sparc64] FreeBSD/sparc64 now supports booting from ZFS via the zfsboot boot block and zfsloader.[r236077] A bug in the zfsboot boot block which could prevent -q option from working has been fixed.[r234680] The zfsboot boot block and zfsloader support filesystems within a ZFS storage pool. In zfsloader, the ZFS device name format is now zfs:pool/fs and the fully qualified file path format is zfs:pool/fs:/path/to/file. The zfsboot boot block accepts the kernel/loader name in the format pool:fs:path/to/file or, as before, pool:path/to/file. In the latter case a default filesystem is used (the pool root or a filesystem with the bootfs property). The zfsboot boot block passes the GUIDs of the selected storage pool and dataset to zfsloader to be used as its defaults.[r237765] -------------------------------------------------------------- 2.2.2 Hardware Support FreeBSD acpi(4) subsystem now uses MADT to match ACPI Processor objects to CPUs and ignores disabled cores while it is possible that MADT and DSDT/SSDTs may list CPUs in different orders. A new loader tunable debug.acpi.cpu_unordered has been added for buggy systems that do not have unique ACPI IDs for MADT and Processor objects. Setting it to 1 restores the old behavior.[r237823] [amd64] A workaround for Erratum 721 for AMD Processor Family 10h and 12h has been implemented. Under a highly specific and detailed set of internal timing conditions, the processor may incorrectly update the stack pointer after a long series of push and/or near-call instructions, or a long series of pop and/or near-return instructions.[r233799] [amd64] The extended FPU states for native 64-bit and 32-bit ABIs have been supported. AVX instructions are also enabled on capable CPUs.[r237009] [amd64, i386, pc98] The atkbdc(4) driver now supports a keyboard controller which has PnP ID PNP0320. This can be found on machines which have Japanese PS/2 keyboard with 106/109 keys.[r233795] [amd64, i386, pc98] The atkbdc(4) driver now supports Synaptics touchpad v7.5 and above.[r244982] A bug in cpufreq(4) which could prevent CPU frequency tuning from working properly has been fixed.[r233369] A bug in hwpmc(4) driver which could cause a deadlock in pmcstat(8) utility has been fixed.[r233825] The pcf8563(4) driver for the NXP (Philips) PCF8563 RTC has been added.[r236079] [amd64] The pci(4) driver now supports mapping between MSI (Message Signaled Interrupt) and HyperTransport interrupt messages on HyperTransport to PCI bus briges. This change improves handling of MSIs on AMD CPUs.[r234151] The puc(4) driver now supports Sun 1040 PCI Quad Serial, Moxa PCIe CP102E/CP102EL/CP104EL-A/CP104JU/CP114EL/CP118EL-A/CP168EL-A multiport serial boards, Advantech PCI-1602 RS-485/RS-422 serial card, and Sunix SER5437A dual serial PCI Express card.[r236651, r238775, r243009, r248041] [amd64, i386] The random(4) driver now supports VIA C3 Nehemiah random number generator on VIA Nano processors. PADLOCK kernel option has been replaced with PADLOCK_RNG in GENERIC kernel.[r240991] arch="amd64,i386">The random(4) driver now supports RDRAND instruction on Intel on-chip Digital Random Number Generator (called Bull Mountain). RDRAND_RND kernel option has been added to GENERIC kernel.[r240994] A new syscons(4) keyboard map for Danish ISO-8859-1 keyboard found on Apple MacBook has been added.[r242338] A bug in the syscons(4) driver has been fixed. It could cause a button of a USB mouse to be pressed and never released after detaching.[r246787] [amd64, i386] The uart(4) driver now supports Intel AMT Serial Port for Remote Keyboard and Text (KT) Redirection (Serial Over LAN) on Intel 4 Series Chipset family.[r233065] The uart(4) driver now supports Wacom Tablet at FuS Lifebook T, multiport serial device IrDA devices with PnP ID PNP0502, PNP0510, and PNP0511, V.34 modems based on CIR1000 Cirrus Logic chip, and MosChip MCS9904 four serial ports controller.[r242883, r243357, r244140] The uftdi(4) driver now supports BeagleBone and FT2232-based egnite Turtelizer 2 JTAG/RS232 Adapter.[r237189, r237381] The uchcom(4) driver now supports CH341/CH340 USB-Serial Bridge.[r240570] The ukbd(4) driver now supports Microsoft Natural Egronomic Keyboard 4000. It had an issue that function keys were not recognized.[r239426] The uplcom(4) driver now supports Motorola cable.[r239726] The usb(4) driver now handles suspend events synchronously. This fixed problems of suspend and resume.[r232871] The usb(4) driver now supports multi-TT mode operation, which can have one transaction translator for each downstream-facing port on a USB hub. This allows more bandwidth for isochronous FULL speed application connected through a High Speed USB HUB.[r235011] The uslcom(4) driver now supports Silicon Laboratories CP2103/CP2104/CP2105 based USB serial adapter.[r239820, r239827] [amd64, i386] The paravirtualized virtio(4) drivers have been added to GENERIC kernel. They include PCI fontend, net, block, balloon, and scsi drivers. The module files are virtio.ko, virtio_pci.ko, if_vtnet.ko, virtio_blk.ko, virtio_balloon.ko, and virtio_scsi.ko, respectively.[r239473, r247907, r247909] The wbwd(4) driver, which supports the watchdog timer found in Winbond Super I/O chips, has been added.[r235947] The xhci(4) USB driver now supports XHCI port routing on Intel 7 Series chipsets (Panther Point) and Intel 8 Series chipsets (Lynx Point). A new loader(8) tunable hw.usb.xhci.xhci_port_route has been added for routing bitmap for switching EHCI ports to XHCI controller.[r242985] The xhci(4) USB driver now supports Etron EJ168 USB 3.0 Host Controllers.[r245736] -------------------------------------------------------------- 2.2.2.1 Multimedia Support [i386] A bug in the snd_emu10kx(4) driver which could prevent it from working with PAE kernel option has been fixed.[r238674] The snd_hda(4) driver has been updated. It now supports and provides HDMI, new volume control, automatic recording source selection, runtime reconfiguration, more then 4 PCM devices on a controller, multichannel recording, additional playback/record streams, higher bandwidth, and more informative device names.[r236750, r236753] The snd_uaudio(4) driver now supports USB Audio v2.0.[r242983] The snd_uaudio(4) driver now supports Intel 8 Series chipsets (Lynx Point).[r247121] The snd_uaudio(4) driver now supports various Yamaha keyboards.[r244248] The snd_uaudio(4) driver now supports buttons such as volume up/down.[r246788] -------------------------------------------------------------- 2.2.2.2 Network Interface Support The age(4) network interface driver now supports jumbo frames.[r246725] Link state change handling in the ale(4) network driver has been improved.[r234127] The ale(4) network driver now supports flow control.[r234241] A bug in the bce(4) network driver has been fixed. It could prevent jumbo frame configuration from working.[r235424] A bug in bce(4) which could prevent IPMI (Intelligent Platform Management Interface) from working when the interface is down has been fixed.[r236217] The bce(4) network driver now supports remote PHYs, which allow the controller to perform MDIO type accesses to a remote transceiver by using message pages defined through MRBE (MultiRate Backplane Ethernet). This is found on machines such as the Dell PowerEdge M610 Blade.[r235819] A bug in the bge(4) network driver which could cause watchdog timeout on BCM5704 controller connected behind AMD 8131 PCI-X bridge has been fixed.[r233496] The bge(4) driver now supports BCM5717/5718/5719/5720/5761/57766. controllers.[r243547, r245152] A bug in if_ierrors counter in the bge(4) driver running on BCM5700, 5701, 5702, 5703, or 5704 controller has been fixed. It reported only the number of discarded packets.[r233499] A bug in bge(4) which could make the device stop working has been fixed.[r236219] [amd64, i386, pc98] cas(4), gem(4), and hme(4) drivers have been added to GENERIC kernel.[r233744] The cxgbe(4) network interface driver has been updated to firmware version 1.8.4.[r247670] A bug in statistics counters in the em(4), lem(4), and igb(4) drivers has been fixed.[r241376] The em(4) and lem(4) network interface drivers have been updated to version 7.3.7 and 2.3.9, respectively. It now supports Intel 82580 and I210/I217/I218 interfaces.[r247430] The fxp(4) network driver has been improved. It does not cause unnecessary media change in controller reconfiguration such as promiscuos mode change which leads to an extra link reestablishment.[r233502] The igb(4) network driver now attempts to attach as many CPUs as possible to each queue. If the number of CPUs are greater than or equal to the number of queues, all of queues are bound to different CPUs.[r235616] The ipheth(4) driver now supports Apple iPhone 5 tethering mode.[r242279] The iwn(4) driver now supports Intel Centrino 6150 wireless N and WiMAX chipsets, and Intel Centrino Wireless-N 100/130 devices.[r233839, r235844] The ixgbe(4) network interface driver has been updated to version 1.1.4.[r247501] A bug in ixgbe(4) network driver has been fixed. It could cause a packet loss in TCP communication when TSO (TCP Segmentation Offload) is enabled.[r235666] The mxge(4) driver has been updated to firmware version 1.4.55 from Myricom.[r236416] The oce(4) network interface driver has been updated to version 4.6.95.0.[r248062] The ral(4) network driver now supports Ralink RT2800 and RT3000 chipsets.[r236008] A bug in the re(4) and rl(4) network drivers which could cause a problem on RTL8139 family has been fixed.[r233490] A bug in the re(4) network driver which could cause intermittent link up/down on RTL8169 controller has been fixed.[r233493] The rl(4) network interface driver now supports D-Link DFE-520TX rev C1.[r245858] WoL (Wake-on-LAN) support in the rl(4) driver is now disabled by default.[r233490] The run(4) driver now supports Logitec LAN-W300NU2.[r232594] The run(4) network driver now load the firmware upon initialization, not attachment. This fixes an issue when the root filesystem is not available at the time of the device detection.[r233461] The run(4) driver has been updated to firmware verion 0.236.[r234029] The sf(4) network driver has been improved. A system load fluctuation under high network load has been fixed.[r233487] The tap(4) pseudo network interface driver now supports VIMAGE jail(8).[r237145] The u3g(4) driver now supports Qualcomm Vertex Wireless 110L modem, Qualcomm 3G modem, Qualcomm Vertex VW110L modem, SIMCom SIM5218, and Huawei K4505, K3770, E3131, E392, E3131, K3765, K4505, and ETS2055 3G modems.[r232875, r235012, r243655] The udav(4) network interface driver now supports JP1082 USB-LAN adapter.[r242984] -------------------------------------------------------------- 2.2.3 Network Protocols The bpf(4) Berkeley Packet Filter has been improved in the locking performance.[r247732] The if_bridge(4) pseudo network interface driver now supports multiple bridges in the same STP domain. It used the same MAC address as the bridge ID for all bridges on the system.[r236056] The if_bridge(4) now supports link state change notification and works with carp(4) protocol.[r236058] The net.link.bridge sysctl(8) variables can be set in loader(8) and/or loader.conf(5) now.[r236072] The default number of the bridge forwarding cache entries of the if_bridge(4) pseudo network interface driver has been increased from 100 to 2000.[r233085] The table argument in the ipfw(4) packet filter rule syntax now supports IP address, interface name, port number, and jail ID. The following syntax is valid: skipto tablearg ip from any to any via table(42) in A new sysctl(8) variable net.inet.ip.fw.tables_max has been added to specify the maximum number of tables. The default value is 128.[r234637] IP_RECVTOS socket option to receive for received UDP/IPv4 packets a cmsg of type IP_RECVTOS which contains the TOS byte has been implemented. This allows to implement a protocol on top of UDP and implementing ECN.[r247944] A bug in FreeBSD IPv6 stack has been fixed. It could cause a vlan(4) pseudo network interface to get the EUI64 part in an autoconfigured IPv6 address from an unrelated Ethernet interface on the system.[r233112] FreeBSD IPv6 stack now supports multiple FIBs. One can use setfib(1) to select a different routing table for IPv6.[r232552] A bug in reference counting of IPv6 interface routes has been fixed.[r236609, r236611, r236827] FreeBSD IPv6 stack now handles fragment packets which are not actually fragments but have Fragment Header with both the Fragment Offset and the M bit set to 0 as a regular (non-fragment) packet. For more detail, see Internet Draft draft-gont-6man-ipv6-atomic-fragments.[r238495] A bug which could cause a system panic in multicast routing in kernel with VIMAGE kernel option has been fixed. This option is disabled in GENERIC kernel.[r233605] The lagg(4) pseudo network driver now allows to set which layers are used for the load balance hash calculation. It can be set in ifconfig lagghash option in a comma-separated list. The default value is lagghash l2,l3,l4. For more detail, see ifconfig(8) manual page.[r236057] A bug in the lagg(4) pseudo network interface driver which could cause an unexpected removal of a member interface upon interface renaming has been fixed.[r238048] The ng_netflow(4) netgraph(4) node and flowctl(8) utility now supports NetFlow version 9. A new export9 hook has been added for NetFlow v9 data. Note that data export can be done simultaneously in both version 5 and version 9.[r238619, r238620] A bug in the ng_patch(4) netgraph(4) node which could cause a system panic has been fixed.[r234682] FreeBSD routing table handling has been improved. It can now perform packet forwarding even while a user application is reading the whole routing table via sysctl(8).[r235056] A loader tunable net.fibs now supports to specify the number of routing tables. The ROUTETABLES kernel option can still be used to set the default number of routing tables.[r235104] FreeBSD SCTP stack now supports ng_iface(4) and stf(4) interface.[r233245, r233246] FreeBSD SCTP stack now supports net.inet.udp.checksum sysctl(8) variable for SCTP over UDP over IPv4 encapsulation.[r234805] SO_PROTOCOL and SO_PROTOTYPE socket option have been added. These are socket level options to get the protocol number found in Linux or Solaris. For more detail, see setsockopt(2) manual page.[r232819] An issue in FreeBSD tcp(4) host cache has been fixed. It could cause extra ICMP message exchanges when an ICMP unreach is received but allocation of the corresponding TCP host cache is failed.[r235053] A sysctl(8) variable net.inet.tcp.rexmit_drop_options has been added to not drop options from the third retransmitted SYN. The default value is set to 1 for backward compatibility.[r247499] -------------------------------------------------------------- 2.2.4 Disks and Storage The ahci(4) driver now supports Marvell 88SE9220/9230/9235 PCIe 2.0 x2 6Gbps SATA controllers.[r237114] The arcmsr(4) driver has been updated to version 1.20.00.26 and now supports ARC-1214 and ARC-1224.[r244923, r247827] A bug in the amr(4) driver which could cause data corruption has been fixed.[r236319] The ata(4) driver now supports Intel 8 Series chipsets (Lynx Point).[r247099] The ata(4) driver now creates symbolic links for backward compatibility when ATA_CAM kernel option is enabled. In a kernel with ATA_CAM, an ATA/SATA disk is recognized as a device node with a name ada0 instead of ad0. A symbolic link /dev/ad0 is automatically generated for /dev/ada0 to keep backward compatibility. This symbolic link generation can be controlled by a kern.cam.ada.legacy_aliases (enabled by default when ATA_CAM is set).[r234912] The ata(4) driver now has loader(8) tunables to set initial SATA revision for the specific device. The tunable name is hint.ata.busnum.devdevnum.sata_rev for a device devnum on a bus busnum, or hint.ata.busnum.sata_rev for all devices on a bus busnum. The valid values are 1, 2, and 3, which correspond to 1.5 Gbps, 3 Gbps, and 6 Gbps.[r243124] A new sysctl(8) kern.features.ata_cam has been added. This shows whether ATA_CAM kernel option is enabled or not. This option is disabled in GENERIC kernel.[r233714] A new sysctl(8) variable kern.cam.pmp.hide_special has been added. This controls whether special PMP ports such as PMP (Port MultiPlier) configuration or SEMB (SATA Enclosure Management Bridge) will be exposed or hidden. The default value is 1 (hidden).[r236766] The cam(4) driver now uses READ CAPACITY(16) SCSI command to get device information by default when possible. This enables to detect whether Logical Block Provisioning (also known as TRIM or UNMAP) in SBC-3 (SCSI Block Commands-3) Specification is supported on the device.[r232942, r236804] The sysctl(8) variables kern.cam.da.da_send_ordered and kern.cam.ada.ada_send_ordered have been renamed with kern.cam.da.send_ordered and kern.cam.ada.send_ordered.[r247105] The da(4) driver has been improved in performance of subsequent BIO_DELETE requests handled as a single TRIM request.[r234914] [amd64, i386] The hpt27xx(4) driver has been included in GENERIC kernel.[r245941] The hptiop(4) driver has bee updated to version 1.8 and now supports HighPoint RocketRAID 4500/4311/4310/4211/4210/3560/3530.[r239159, r242216] The isci(4) driver now supports Intel C600 Serial Attached SCSI controllers with chip IDs from 0x1d6c to 0x1d6f.[r232554] A bug in the isci(4) driver which could not correctly handle READ CAPACITY(16) SCSI command for an SATA device has been fixed.[r233789] The isci(4) driver now supports SCSI UNMAP to ATA DSM translation.[r239735] A bug in isci(4) driver which could prevent smartctl (sysutils/smartmontools in the Ports Collection) from working.[r236264] The mfi(4) driver now supports LSI MegaRAID SAS cards named "Drake Skinny" and "ThunderBolt". This includes Dell PERC H810/H800/H710/H700 and Intel RAID Controller RS25DB080/RS25NB008.[r235625] A bug which could make the mpt(4) driver attach LSI MegaRAID cards which should be handled by the mfi(4) driver has been fixed.[r232563] The mfi(4) driver now supports loader(8) tunable hw.mfi.allow_cam_disk_passthrough to control raw disk attachment. The default value is 0 (disabled).[r243826] The mps(4) driver has been updated to version 14.00.00.01-fbsd. This now supports Integrated RAID, WarpDrive controllers, WRITE12 and READ12 for direct I/O, SCSI protection information (EEDP), Transport Level Retries (TLR) for tape drives, and LSI's userland utility.[r237877] [sparc64, powerpc] The mps(4) driver has been added to GENERIC kernel.[r237944, r238074] The MULTIPATH geom(4) class has been updated. It now supports Active/Active mode, Active/Read mode as hybrid of Active/Active and Active/Passive, keeping a failed path without removing the geom provider, manual configuration without on-disk metadata, and add, remove, fail, restore, configure subcommands in the gmultipath(8) utility to manage the configured paths.[r234917] The PART_LDM geom(4) class has been added. This partition scheme has support for Logical Disk Manager, which is also known as dynamic volumes in Microsoft Windows NT. Note that JBOD, RAID0, and RAID5 volumes are not supported yet.[r234407] The RAID geom(4) class now supports the DDF metadata format, which is defined in the SNIA Common RAID Disk Data Format Specification v2.0. It can read non-degraded RAID4/5/5E/5EE/5R/6/MDF volumes. An -o option in graid(8) utility can be used to specify byte order for the DDF metadata.[r235875] The RAID geom(4) class now partially supports Intel Rapid Recover Technology (Intel RRT). It is alike to RAID1, but with dedicating master and recovery disks and providing manual control over synchronization. It allows to use recovery disk as snapshot of the master disk from the time of the last sync.[r246170] The RAID geom(4) class now supports sysctl(8) variables kern.geom.raid.enable and kern.geom.raid.format. kern.geom.raid.enable is to control on-disk metadata recognition in a systemwide basis. When it is set to 1, it is enabled (the default value is 1). kern.geom.raid.format are similar variables to control enable/disable of specific metadata or transformation modules. The valid keywords for format are raid0, raid1, raid1e, raid5, and concat.[r240554, r240556] The RAID geom(4) class now supports BIO_DELETE requests.[r243679] The tmpfs(5) filesystem is not an experimental implementation anymore.[r234512] The tws(4) driver has been updated to version 10.80.00.005 from LSI.[r241763] The umass(4) driver now supports Olympus FE-210 camera, LG UP3S MP3 player, Laser MP3-2GA13 MP3, and Garmin GPS devices.[r235086, r236654] A bug in the xen(4) blkfront driver has been fixed. It could not attach on Citrix XenServer configurations that advertise the multi-page ring extension.[r233791] -------------------------------------------------------------- 2.2.5 File Systems The linprocfs(5) filesystem now supports /proc/filesystems.[r247808] Bugs in msdosfs(5) which could fail a FAT32 filesystem to mount, create a broken directory entry in a FAT32 filesystem, and prevent sync and async mount option from working, have been fixed.[r246547, r246548, r246550] Bugs in FreeBSD NFS subsystem has been fixed. They could cause stale name cache entries on an NFS client.[r233286] A memory leak when a ZFS volume is exported via the FreeBSD NFS (newnfs) server has been fixed. Note that oldnfs is used as the default NFS implementation in GENERIC kernel.[r236147] FreeBSD NFS subsystem now supports a timeout parameter on positive name cache entries on the NFS client side. nametimeo mount option has been added to specify the timeout. The default value is 60 seconds, and one can disable the positive name caching by setting it to 0.[r233327] A workaround has been implemented in FreeBSD NFS subsystem to handle a reply to an NFS create RPC which do not include file attributes under certain circumstances. This improves interoperability between non-FreeBSD NFS servers and FreeBSD NFS clients.[r235417] A bug in exports(5) handling in FreeBSD NFS subsystem has been fixed. It could cause an unintended security configuration when there are multiple export entries with different security flavors.[r241348] Several bugs in nullfs(5) which could cause a system panic have been fixed.[r232665] FreeBSD ZFS subsystem has been updated to support feature flags for ZFS pools (the SPA version is 5000). Asynchronous destroy of ZFS dataset, LZ4 compression, ZIO NOP-write optimization have been implemented as new feature. loader(8) tunables vfs.zfs.sync_pass_deferred_free, vfs.zfs.sync_pass_dont_compress, vfs.zfs.sync_pass_rewrite, and vfs.zfs.nopwrite_enabled have been added.[r243717, r244088, r247310] Note that this upgrade can cause interoperability issue when upgrading a FreeBSD 8.4 system to 9.0 or 9.1. This is because FreeBSD 9.0 and 9.1 support SPA version 28 and do not recognize version 5000. To mitigate this issue, the default SPA version for a newly created ZFS pool on FreeBSD 8.4 is set to version 28. To create a ZFS pool with version 5000, use zpool(8) upgrade command after the creation. A bug in ZFS subsystem which could cause a system panic when importing a ZFS pool has been fixed.[r246578] The sysctl(8) variable vfs.zfs.txg.timeout has been changed from read-only to writable.[r235507] -------------------------------------------------------------- 2.3 Userland Changes The load average limit in the atrun(8) utility has been set based on the number of CPUs.[r242991] The chkgrp(8) utility now supports -q flag to disable printing of text when the group format is correct.[r244064] The crontab(1) utility now waits for a second before updating the spool directory's mtime. It could happen that the modified crontab updated the mtime of the spool directory, and then crontab(1) utility updated the mtime again within a second. In this case, the crontab database is not updated properly.[r239877] The cut(1) utility now supports -w flag to specify whitespace as the delimiter.[r244305] The default dot.cshrc file for csh(1) and tcsh(1) has been changed. For more detail, see /usr/share/skel/dot.cshrc.[r234979, r242642] The daemon(8) utility now supports -r flag to restart the program if it has been terminated.[r233762] The devd(8) daemon now supports ! character in regex matching in devd.conf(5). It inverts the logic of the matching.[r247768] The devfs(5) mount now supports ruleset=number mount option and updating the existing mount by using -u flag in the mount(8) utility. This new option sets the specified ruleset number as the active ruleset of the new devfs mount and applies all its rules at mount time. If the specified ruleset doesn't exist, a new empty ruleset is created.[r233867] The du(1) utility now supports -g flag to display the results in gigabytes.[r247539] The fetch(1) utility now supports percent-encoded string in user and password component of a URL.[r235254] The maximum number of HTTP redirection has been increased from 5 to 20 in the fetch(1) utility.[r242034] The fetch(1) utility now supports HTTP status code 305 (Use Proxy) and 308 (Permanent Redirect).[r242288, r242291] A countermeasure against a possible DoS (Denial of Service) attack described in CVE-2010-2632 in the ftpd(8) daemon has been implemented.[r246357] A new environment variable PROFIL_USE_PID has been added to generate profiling data for the gprof(1) utility with a filename including the process ID.[r235084] The ifconfig(8) now supports state option for carp(4) protocol to set the state of a carp cluster. The valid keywords are master and backup.[r243466] A bug in the inetd(8) daemon which could cause wrong accounting for elapsed time has been fixed.[r236875] The inetd(8) daemon now set the listen queue size to the value of kern.ipc.somaxconn instead of hardcoded value 64.[r246403] The default ip6addrctl(8) address selection policy for IPv4 and IPv6 has been updated to one in RFC 6724.[r246599] The kdump(1) utility now supports a -p pid option to accept either a process ID or a thread ID.[r237790] The lastcomm(1) utility now supports +format option to specify strftime(3) format for process start and exit times.[r235888] The libedit library has been updated to a NetBSD snapshot as of 28 December, 2009.[r237739] The libpmc library has been updated to support more PMCs (Performance Monitoring Counters) in Intel Core i7 and Xeon 5500 family based on Intel documentatino as of October 2011. Specifically, DTLB_MISSES.PDE_MISS and DTLB_MISSES.LARGE_WALK_COMPLETED have been added.[r234045] The libradius now supports rad_bind_to(3) function.[r234555] The libusb(3) library now supports libusb_get_max_iso_packet_size(3) function.[r235017] A bug in the the libutil library has been fixed. It could prevent configuration of priority class capability in /etc/login.conf (LOGIN_SETPRIORITY in setusercontext(3) function) from working when the password is not set.[r233153] The make(1) utility has been updated to version 8201210080. It now supports -V ${VAR} variable expansion, and :tu and :tl variable modifiers.[r241368] The mktemp(1) utility now uses tmp as the default prefix when no -t is specified.[r241422] The mv(1) utility now supports -h flag. This forces it to treat a symbolic link to a directory for the target as a symbolic instead of a directory.[r241321] The pam_exec(8) module now supports return_prog_exit_status. When this option is enabled, the program exit status is used as the pam_exec(8) return code. It allows the program to tell why the step failed (user unknown, for example).[r234843] A bug in pam_unix(8) module has been fixed. It could prevent passwordtime login capability in login.conf(5) from working.[r234741] The pciconf(8) utility now supports a -e flag to display PCI error details in listing mode. When this is specified, the status of any error bits in the PCI status register and PCI-express device status register will be displayed. It also lists any errors indicated by version 1 of PCI-express Advanced Error Reporting (AER).[r237732] A workaround has been implemented in ppp(8) daemon to support some 3G modems which return a wrong signature in echo packets and make it impossible to use LQR and ECHO.[r242198] The procstat(1) utility now displays osreldate in binary information for a process.[r233953] The procstat(1) utility now displays superpage mapping flag in the process virtual memory mappings.[r238752] The procstat(1) and fstat(1) utilities now shows pathname associated with a shared memory object.[r236699] The ps(1) utility now supports cow keyword to show the number of copy-on-write faults in a process.[r236306] The ps(1) utility now supports dsiz and ssiz keywords to show data and stack size respectively.[r241159] The rarpd(8) daemon now supports vlan(4) interface and -P option to specify the PID file. When -a flag is specified, /var/run/rarpd.ifname.pid is used as the PID filename by default.[r245077] A bug in the remquo(3) functions where the quotient did not always have the correct sign when the remainder was 0, and another bug that the remainder and quotient were both off by a bit in certain cases involving subnormal remainders, have been fixed. Note that these bugs affected all platforms except amd64 and i386.[r234534] The rtld(1) dynamic linker has been improved in performance of TLS (Thread Local Storage) handling.[r233067] The setbuf(1) utility and libstdbuf library have been added. This controls the default buffering behavior of standard stdio streams.[r235141] The sh(1) program now allows underscore characters in the arithmetic expansion.[r234001] The sockstat(1) utility now supports a -j jid option to specify the socket list to be limited to a specific jail(8) ID.[r237672] A variable NO_FOO in src.conf(5) now overrides WITH_FOO.[r241969] The syslogd(8) daemon now supports IPv6 address as destination address in syslog.conf(5).[r241472] The systat(1) utility now accepts fractional number of seconds.[r243684] The tcpdrop(8) utility now accepts the address and ports to be separated by a colon or period rather than a space to permit directly pasting the output of commands such as netstat and sockstat on the command line.[r247563] The top(1) utility now displays ZFS ARC memory usage on hosts using ZFS.[r239751] A bug in traceroute(8) utility which could result in not accepting any incoming packets has been fixed.[r235163] The unzip(1) program now supports a -Z flag to enable zipinfo mode.[r234331] The usbdump(8) utility now supports filtering USB devices and USB endpoints.[r235015] The usbhidctl(1) utility now supports -z flag for reading operation. It allows to not request current values from the device, but only receive changes.[r235881] The zfs(8) list -t snapshot command has been improved dramatically in performance.[r233862] The zfs(8) get command now supports -t datatype option.[r233862] The zfs(8) jail and unjail commands now support jailnames and jailid.[r246750] The zfs(8) send command now reports transmitted data size in bytes when -v flag is specified.[r235952] Changing zfs(8) canmount property to on when dataset is already mounted does not cause remount of the ZFS dataset now.[r237457] -------------------------------------------------------------- 2.3.1 /etc/rc.d Scripts The rc.d scripts now display script filename running to standard error when SIGINFO is issued. This message was sent to standard output and could prevent redirection from working.[r232549] The rc.d/jail script now supports jail_parameters variable to specify extra parameters for each jail.[r242083] The service(8) utility now supports -R flag to restart all third party services in /usr/local/etc/rc.d.[r246609] -------------------------------------------------------------- 2.4 Contributed Software AWK has been updated to 20121220.[r246374] ISC BIND has been updated to version 9.8.4-P2.[r248807] BZIP2 has been updated to version 1.0.6.[r247448] TENEX C shell (tcsh(1)) has been updated to version 6.18.01.[r232635] LESS (less(1)) has been updated to version v451.[r240160] libexpat has been updated to version 2.1.0.[r247514] netcat has been updated to a version as of OpenBSD 5.2.[r243819] OpenSSH has been updated to version 6.1.[r247521] OpenSSL has been updated to version 0.9.8y.[r248057] sendmail has been updated to version 8.14.7.[r250167] The timezone database has been updated to tzdata2012j release.[r243006] XZ has been updated to version 5.0.4.[r245129] -------------------------------------------------------------- 2.5 Ports/Packages Collection Infrastructure The pkg(8) command has been added. This is used as a bootstrap tool for ports-mgmt/pkg in the Ports Collection.[r239563] The pkg_add(1) utility now suports PACKAGESUFFIX to specify extension in a package filename.[r240674] The pkg_create(1) program now allows a relative pathname in the -p option.[r233686] -------------------------------------------------------------- 2.6 Release Engineering and Integration The supported version of the KDE desktop environment (x11/kde4) has been updated from 4.7.4 to 4.10.1. -------------------------------------------------------------- 3 Upgrading from previous releases of FreeBSD [amd64, i386] Upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernel distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded has Internet connectivity. An older form of binary upgrade is supported through the Upgrade option from the main sysinstall(8) menu on CDROM distribution media. This type of binary upgrade may be useful on non-i386, non-amd64 machines or on systems with no Internet connectivity. Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING. Important: Upgrading FreeBSD should, of course, only be attempted after backing up all data and configuration files. -------------------------------------------------------------- This file, and other release-related documents, can be downloaded from ftp://ftp.FreeBSD.org/. For questions about FreeBSD, read the documentation before contacting . For questions about this documentation, e-mail .