aboutsummaryrefslogtreecommitdiffstats
path: root/release/doc/en_US.ISO8859-1/relnotes/article.sgml
blob: 1f91711f5646715f0f3afb8750983611d1d336ce (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
<!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
%articles.ent;

<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
%release;
]>

<article>
  <articleinfo>
    <title>&os; &release.current; Release Notes</title>

    <corpauthor>The &os; Project</corpauthor>

    <pubdate>$FreeBSD$</pubdate>

    <copyright>
      <year>2000</year>
      <year>2001</year>
      <year>2002</year>
      <year>2003</year>
      <year>2004</year>
      <year>2005</year>
      <year>2006</year>
      <year>2007</year>
      <year>2008</year>
      <year>2009</year>
      <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
    </copyright>

    <legalnotice id="trademarks" role="trademarks">
      &tm-attrib.freebsd;
      &tm-attrib.ibm;
      &tm-attrib.ieee;
      &tm-attrib.intel;
      &tm-attrib.microsoft;
      &tm-attrib.sparc;
      &tm-attrib.general;
    </legalnotice>

    <abstract>
      <para>The release notes for &os; &release.current; contain a summary
	of the changes made to the &os; base system on the
	&release.branch; development line.
	This document lists applicable security advisories that were issued since
	the last release, as well as significant changes to the &os;
	kernel and userland.
	Some brief remarks on upgrading are also presented.</para>
    </abstract>
  </articleinfo>

  <sect1 id="intro">
    <title>Introduction</title>

    <para>This document contains the release notes for &os;
      &release.current;.  It
      describes recently added, changed, or deleted features of &os;.
      It also provides some notes on upgrading
      from previous versions of &os;.</para>

<![ %release.type.current [

    <para>The &release.type; distribution to which these release notes
      apply represents the latest point along the &release.branch; development
      branch since &release.branch; was created.  Information regarding pre-built, binary
      &release.type; distributions along this branch
      can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.snapshot [

    <para>The &release.type; distribution to which these release notes
      apply represents a point along the &release.branch; development
      branch between &release.prev; and the future &release.next;.
      Information regarding
      pre-built, binary &release.type; distributions along this branch
      can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.release [

    <para>This distribution of &os; &release.current; is a
      &release.type; distribution.  It can be found at <ulink
      url="&release.url;"></ulink> or any of its mirrors.  More
      information on obtaining this (or other) &release.type;
      distributions of &os; can be found in the <ulink
      url="&url.books.handbook;/mirrors.html"><quote>Obtaining
      &os;</quote> appendix</ulink> to the <ulink
      url="&url.books.handbook;/">&os; Handbook</ulink>.</para>

]]>

    <para>All users are encouraged to consult the release errata before
      installing &os;.  The errata document is updated with
      <quote>late-breaking</quote> information discovered late in the
      release cycle or after the release.  Typically, it contains
      information on known bugs, security advisories, and corrections to
      documentation.  An up-to-date copy of the errata for &os;
      &release.current; can be found on the &os; Web site.</para>
  </sect1>

  <sect1 id="new">
    <title>What's New</title>

    <para>This section describes the most user-visible new or changed
      features in &os; since &release.prev;.</para>

    <para>Typical release note items document recent security
      advisories issued after &release.prev;, new drivers or hardware
      support, new commands or options, major bug fixes, or
      contributed software upgrades.  They may also list changes to
      major ports/packages or release engineering practices.  Clearly
      the release notes cannot list every single change made to &os;
      between releases; this document focuses primarily on security
      advisories, user-visible changes, and major architectural
      improvements.</para>

    <sect2 id="security">
      <title>Security Advisories</title>

      <para>Problems described in the following security advisories have
	been fixed.  For more information, consult the individual
	advisories available from
	<ulink url="http://security.FreeBSD.org/"></ulink>.</para>

      <informaltable frame="none" pgwide="0">
	<tgroup cols="3">
	  <colspec colwidth="1*">
	  <colspec colwidth="1*">
	  <colspec colwidth="3*">
	    <thead>
	      <row>
		<entry>Advisory</entry>
		<entry>Date</entry>
		<entry>Topic</entry>
	      </row>
	    </thead>

	    <tbody>
	      <row>
		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:01.lukemftpd.asc"
			      >SA-09:01.lukemftpd</ulink></entry>
		<entry>07&nbsp;January&nbsp;2009</entry>
		<entry><para>Cross-site request forgery in
		  &man.lukemftpd.8;</para></entry>
	      </row>

	      <row>
		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:02.openssl.asc"
			      >SA-09:02.openssl</ulink></entry>
		<entry>07&nbsp;January&nbsp;2009</entry>
		<entry><para>OpenSSL incorrectly checks for malformed
		  signatures</para></entry>
	      </row>

	      <row>
		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:03.ntpd.asc"
			      >SA-09:03.ntpd</ulink></entry>
		<entry>13&nbsp;January&nbsp;2009</entry>
		<entry><para>ntpd cryptographic signature
		  bypass</para></entry>
	      </row>

	      <row>
		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc"
			      >SA-09:04.bind</ulink></entry>
		<entry>13&nbsp;January&nbsp;2009</entry>
		<entry><para>BIND DNSSEC incorrect checks for
		  malformed signatures</para></entry>
	      </row>

	      <row>
		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"
			      >SA-09:05.telnetd</ulink></entry>
		<entry>16&nbsp;February&nbsp;2009</entry>
		<entry><para>telnetd code execution
		  vulnerability</para></entry>
	      </row>

	      <row>
		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:06.ktimer.asc"
			      >SA-09:06.ktimer</ulink></entry>
		<entry>23&nbsp;March&nbsp;2009</entry>
		<entry><para>Local privilege escalation</para></entry>
	      </row>

	      <row>
		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc"
			      >SA-09:07.libc</ulink></entry>
		<entry>04&nbsp;April&nbsp;2009</entry>
		<entry><para>Information leak in &man.db.3;</para></entry>
	      </row>

	      <row>
		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:08.openssl.asc"
			      >SA-09:08.openssl</ulink></entry>
		<entry>22&nbsp;April&nbsp;2009</entry>
		<entry><para>Remotely exploitable crash in
		  OpenSSL</para></entry>
	      </row>
	    </tbody>
	</tgroup>
      </informaltable>
    </sect2>

    <sect2 id="kernel">
      <title>Kernel Changes</title>

      <para>The &os; DTrace subsystem now supports a probe for
	process execution.</para>

      <para arch="amd64">The &os; kernel virtual address space has
	been increased to 6GB and the ceiling on the kmem map size
	to 3.6GB.  Note that the ceiling as a fraction of the kernel
	map size rather than an absolute quantity.</para>

      <para>The &man.kld.4; now supports installing 32-bit system
	call to the &os; system call translation layer from kernel
	modules.</para>

      <para>The &os; 32-bit system call translation layer now
	supports installing 32-bit system calls for
	<literal>VFS_AIO</literal>.</para>

      <para>The &man.ktr.4; now supports a new KTR tracepoint in the
	<literal>KTR_CALLOUT</literal> class to note when a callout
	routine finishes executing.</para>

      <sect3 id="boot">
	<title>Boot Loader Changes</title>

	<para>The &man.boot.8; now supports 4-byte volume ID that
	  certain versions of &windows; put into the MBR and invoking
	  PXE by pressing F6 key on some supported BIOSes.</para>

	<para>The &man.loader.8; is now able to obtain DHCP options
	  via &man.kenv.2; variables in the case of network boot.</para>

	<para>A bug in the &man.loader.8; has been fixed.  Now the
	  following line works as expected:</para>

	<programlisting>loader_conf_files="<replaceable>foo</replaceable> <replaceable>bar</replaceable> ${<replaceable>variable</replaceable>}"</programlisting>
      </sect3>

      <sect3 id="proc">
	<title>Hardware Support</title>

	<para>The &man.acpi.4; subsystem now supports a &man.sysctl.8;
	  variable <varname>debug.batt.batt_sleep_ms</varname>.  On
	  some laptops with smart batteries, enabling battery
	  monitoring software causes keystrokes from &man.atkbd.4; to
	  be lost.  This sysctl variable adds a delay in millisecond
	  to the status checking code as a workaround.</para>

	<para>The &man.cpuctl.4; driver, which provides a special
	  device <filename>/dev/cpuctl</filename> as an interface to
	  the system CPU and functionality to retrieve CPUID
	  information, read/write machine specific registers (MSR) and
	  perform CPU firmware updates.</para>

	<para>The &man.cpufreq.4; driver now supports a
	  <varname>hw.est.msr_info</varname> loader tunable.  When
	  this set to <literal>1</literal>, it attempts to build a
	  simple list containing just the high and low frequencies if
	  it cannot obtain a frequency list from either ACPI or the
	  static tables.  This is disabled by default.</para>

	<para arch="amd64,i386">CPU frequency change notifiers are now
	  disabled when the TSC is P-state invariant.  Also, a new
	  loader tunable
	  <varname>kern.timecounter.invariant_tsc</varname> has been
	  added to force this behavior by setting it to
	  non-zero.</para>

	<sect4 id="mm">
	  <title>Multimedia Support</title>

	  <para>The &man.agp.4; now supports Intel G4X series graphics
	    chipsets.</para>

	  <para>The DRM, a kernel module named Direct Rendering
	    Manager that gives direct hardware access to DRI clients,
	    has been updated.  Support for AMD/ATI r500 and IGP based
	    chips, XGI V3XE/V5/V8, and Intel i915 chipsets has been
	    improved.</para>

	  <para>The snd_au88x0(4) driver for Aureal Vortex
	    1/2/Advantage PCI has been removed because this was
	    broken for a long time.</para>

	  <para>The &man.snd.hda.4; driver has been updated.  Changes
	    include: multiple codec per HDA bus, multiple functional
	    groups per codec, multiple audio devices per functional
	    group, digital (SPDIF/HDMI) audio input/output,
	    suspend/resume, and part of multichannel audio.</para>

	  <para>Note that due to added HDMI audio and logical audio
	    devices support, updated driver often provides several PCM
	    devices.  In some cases it can make system default audio
	    device no longer corresponding to the users's habitual
	    audio connectors.  In such cases the default device can be
	    specified in audio application setup or defined globally
	    via <varname>hw.snd.default_unit sysctl</varname>
	    as described in the &man.sound.4; manual page.</para>
	</sect4>

	<sect4 id="net-if">
	  <title>Network Interface Support</title>

	  <para>The ciphy(4) driver now supports Vitesse VSC8211
	    PHY.</para>

	  <para>A bug in &man.igb.4; driver which prevents a tunable
	    <varname>hw.igb.ave_latency</varname> from working has
	    been fixed.</para>

	  <para>The &man.jme.4; driver now supports newer JMicron
	    JMC250/JMC260 revisions.</para>

	  <para>The &man.rl.4; driver has been improved.  A bug which
	    prevents it from working on systems with more than 4GB
	    memory has been fixed.</para>
	</sect4>
      </sect3>

      <sect3 id="net-proto">
	<title>Network Protocols</title>

	<para>The &man.jail.8; subsystem now supports start with a
	  specific route FIB.</para>

	<para>The &man.ng.netflow.4; Netgraph node now supports
	  ability to generate egress netflow instead or in addition to
	  ingress.  A <literal>NGM_NETFLOW_SETCONFIG</literal> control
	  message has been added to control the new functionality.</para>
      </sect3>

      <sect3 id="disks">
	<title>Disks and Storage</title>

	<para>The &man.ata.4; driver now supports Marvell PATA M88SX6121.</para>

	<para>An issue in the &man.gvinum.8; with access permissions
	  to underlying disks used by a gvinum plex has been fixed.
	  If the plex is a raid5 plex and is being written to, parity data might
	  have to be read from the underlying disks, requiring them to be opened for
	  reading as well as writing.</para>

	<para>The &man.mmc.4; and &man.mmcsd.4; driver now support MMC
	  and SDHC cards, high speed timing, wide bus, and multiblock
	  transfers.</para>

	<para>The &man.sdhci.4; driver has been added.  This supports
	  PCI devices with class 8 and subclass 5 according to SD Host
	  Controller Specification.</para>

	<para>The &man.mmc.4; &man.mmcsd.4;, and &man.sdhci.4; driver
	  are now included as a kernel module.</para>
      </sect3>

      <sect3 id="fs">
	<title>File Systems</title>

	<para>The shared vnode locking for pathname lookups in
	  &man.VFS.9; subsystem has been improved.  This is disabled
	  by default.  Setting a sysctl variable
	  <varname>vfs.lookup_shared</varname> to <literal>1</literal>
	  enables it for better performance.  Note that the
	  <literal>LOOKUP_SHARED</literal> equivalent to the sysctl
	  variable kernel option has been removed.</para>
      </sect3>
    </sect2>

    <sect2 id="userland">
      <title>Userland Changes</title>

      <para>The &man.config.8; utility now supports
	multiple <varname>makeoption</varname> lines.</para>

      <para>The &man.du.1; utility now supports an <option>-l</option>
	flag.  When specified, the &man.du.1; counts a file with
	multiple hard links as multiple different files.</para>

      <para>The &man.fetch.1; utility now supports an
	<option>-i</option> flag which supports If-Modified-Since HTTP
	request.</para>

      <para>The &man.fsck.8; utility now supports a
	<option>-C</option> flag for catastrophic recovery mode, which
	will enable certain aggressive operations that can make
	&man.fsck.8; to survive with file systems that has very
	serious data damage, which is an useful last resort when on
	disk data damage is very serious and causes &man.fsck.8; to
	crash otherwise.</para>

      <para>A bug in the &man.ipfw.8; utility which displays extra
	messages for a NAT rule even when a <option>-q</option> flag
	is specified.</para>

      <para>A bug in the &man.netstat.1; utility has been fixed.  It
	crashed with the following options in the previous
	versions:</para>

      <screen>&prompt.user; netstat -m -N foo</screen>

      <para>A bug in the &man.netstat.1; utility has been fixed.  The
	<option>-ss</option> now works in the icmp6 section as
	expected.</para>

      <para>The &man.powerd.8; program has been improved.  Changes
	include reasonable CPU load estimation on SMP systems and a
	new mode named as <literal>hiadaptive</literal> for AC-powered
	systems which rises frequency twice faster, drops it 4 times
	slower, prefers twice lower CPU load and has additional delay
	before leaving the highest frequency after the period of
	maximum load.</para>

      <para>The &man.strndup.3; function has been added.</para>

      <para>The &man.wc.1; utility now supports an <option>-L</option>
	flag to output the number of characters in the longest input
	line.</para>

      <para>A bug in the &man.rpc.yppasswdd.8; program which leaves a
	zombie process when a password or default shell is changed has
	been fixed.</para>

      <sect3 id="rc-scripts">
	<title><filename>/etc/rc.d</filename> Scripts</title>

	<para></para>
      </sect3>
    </sect2>

    <sect2 id="contrib">
      <title>Contributed Software</title>

      <para><application>ISC BIND</application> has been updated to
	version 9.4.3-P2.</para>

      <para>The timezone database has been updated from
	the <application>tzdata2008h</application> release to
	the <application>tzdata2009f</application> release.</para>
    </sect2>

    <sect2 id="ports">
      <title>Ports/Packages Collection Infrastructure</title>

      <para>A bug in the &man.pkg.create.1; which prevents the
	<option>-n</option> flag from working has been fixed.</para>
    </sect2>

    <sect2 id="releng">
      <title>Release Engineering and Integration</title>

      <para>The supported version of
	the <application>GNOME</application> desktop environment
	(<filename role="package">x11/gnome2</filename>) has been
	updated from 2.22 to 2.26.</para>

      <para>The supported version of
	the <application>KDE</application> desktop environment has
	been updated from 3.5.10 (<filename
	role="package">x11/kde3</filename>) to 4.2.2 (<filename
	role="package">x11/kde4</filename>).</para>
    </sect2>

    <sect2 id="doc">
      <title>Documentation</title>

      <para></para>
    </sect2>
  </sect1>

  <sect1 id="upgrade">
    <title>Upgrading from previous releases of &os;</title>

    <para arch="amd64,i386">Beginning with &os; 6.2-RELEASE, binary
      upgrades between RELEASE versions (and snapshots of the various
      security branches) are supported using the
      &man.freebsd-update.8; utility.  The binary upgrade procedure
      will update unmodified userland utilities, as well as unmodified
      GENERIC or SMP kernels distributed as a part of an official &os;
      release.  The &man.freebsd-update.8; utility requires that the
      host being upgraded have Internet connectivity.</para>

    <para>An older form of binary upgrade is supported through the
      <command>Upgrade</command> option from the main
      &man.sysinstall.8; menu on CDROM distribution media.  This type
      of binary upgrade may be useful on non-&arch.i386;,
      non-&arch.amd64; machines or on systems with no Internet
      connectivity.</para>

    <para>Source-based upgrades (those based on recompiling the &os;
      base system from source code) from previous versions are
      supported, according to the instructions in
      <filename>/usr/src/UPDATING</filename>.</para>

    <important>
      <para>Upgrading &os; should, of course, only be attempted after
	backing up <emphasis>all</emphasis> data and configuration
	files.</para>
    </important>
  </sect1>
</article>