aboutsummaryrefslogtreecommitdiffstats
path: root/release/doc/en_US.ISO8859-1/relnotes/article.sgml
blob: 37aeb3069362cdbf461df5eb86604e9708fd6098 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
<!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
%articles.ent;

<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
%release;
]>

<article>
  <articleinfo>
    <title>&os; &release.current; Release Notes</title>

    <corpauthor>The &os; Project</corpauthor>

    <pubdate>$FreeBSD$</pubdate>

    <copyright>
      <year>2000</year>
      <year>2001</year>
      <year>2002</year>
      <year>2003</year>
      <year>2004</year>
      <year>2005</year>
      <year>2006</year>
      <year>2007</year>
      <year>2008</year>
      <year>2009</year>
      <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
    </copyright>

    <legalnotice id="trademarks" role="trademarks">
      &tm-attrib.freebsd;
      &tm-attrib.ibm;
      &tm-attrib.ieee;
      &tm-attrib.intel;
      &tm-attrib.microsoft;
      &tm-attrib.sparc;
      &tm-attrib.general;
    </legalnotice>

    <abstract>
      <para>The release notes for &os; &release.current; contain a summary
	of the changes made to the &os; base system on the
	&release.branch; development line.
	This document lists applicable security advisories that were issued since
	the last release, as well as significant changes to the &os;
	kernel and userland.
	Some brief remarks on upgrading are also presented.</para>
    </abstract>
  </articleinfo>

  <sect1 id="intro">
    <title>Introduction</title>

    <para>This document contains the release notes for &os;
      &release.current;.  It
      describes recently added, changed, or deleted features of &os;.
      It also provides some notes on upgrading
      from previous versions of &os;.</para>

<![ %release.type.current [

    <para>The &release.type; distribution to which these release notes
      apply represents the latest point along the &release.branch; development
      branch since &release.branch; was created.  Information regarding pre-built, binary
      &release.type; distributions along this branch
      can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.snapshot [

    <para>The &release.type; distribution to which these release notes
      apply represents a point along the &release.branch; development
      branch between &release.prev; and the future &release.next;.
      Information regarding
      pre-built, binary &release.type; distributions along this branch
      can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.release [

    <para>This distribution of &os; &release.current; is a
      &release.type; distribution.  It can be found at <ulink
      url="&release.url;"></ulink> or any of its mirrors.  More
      information on obtaining this (or other) &release.type;
      distributions of &os; can be found in the <ulink
      url="&url.books.handbook;/mirrors.html"><quote>Obtaining
      &os;</quote> appendix</ulink> to the <ulink
      url="&url.books.handbook;/">&os; Handbook</ulink>.</para>

]]>

    <para>All users are encouraged to consult the release errata before
      installing &os;.  The errata document is updated with
      <quote>late-breaking</quote> information discovered late in the
      release cycle or after the release.  Typically, it contains
      information on known bugs, security advisories, and corrections to
      documentation.  An up-to-date copy of the errata for &os;
      &release.current; can be found on the &os; Web site.</para>
  </sect1>

  <sect1 id="new">
    <title>What's New</title>

    <para>This section describes the most user-visible new or changed
      features in &os; since &release.prev;.</para>

    <para>Typical release note items document recent security
      advisories issued after &release.prev;, new drivers or hardware
      support, new commands or options, major bug fixes, or
      contributed software upgrades.  They may also list changes to
      major ports/packages or release engineering practices.  Clearly
      the release notes cannot list every single change made to &os;
      between releases; this document focuses primarily on security
      advisories, user-visible changes, and major architectural
      improvements.</para>

    <sect2 id="security">
      <title>Security Advisories</title>

      <para>Problems described in the following security advisories have
	been fixed.  For more information, consult the individual
	advisories available from
	<ulink url="http://security.FreeBSD.org/"></ulink>.</para>

      <informaltable frame="none" pgwide="0">
	<tgroup cols="3">
	  <colspec colwidth="1*">
	  <colspec colwidth="1*">
	  <colspec colwidth="3*">
	    <thead>
	      <row>
		<entry>Advisory</entry>
		<entry>Date</entry>
		<entry>Topic</entry>
	      </row>
	    </thead>

	    <tbody>
	      <row>
		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:01.lukemftpd.asc"
			      >SA-09:01.lukemftpd</ulink></entry>
		<entry>07&nbsp;January&nbsp;2009</entry>
		<entry><para>Cross-site request forgery in
		  &man.lukemftpd.8;</para></entry>
	      </row>

	      <row>
		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:02.openssl.asc"
			      >SA-09:02.openssl</ulink></entry>
		<entry>07&nbsp;January&nbsp;2009</entry>
		<entry><para>OpenSSL incorrectly checks for malformed
		  signatures</para></entry>
	      </row>

	      <row>
		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:03.ntpd.asc"
			      >SA-09:03.ntpd</ulink></entry>
		<entry>13&nbsp;January&nbsp;2009</entry>
		<entry><para>ntpd cryptographic signature
		  bypass</para></entry>
	      </row>

	      <row>
		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc"
			      >SA-09:04.bind</ulink></entry>
		<entry>13&nbsp;January&nbsp;2009</entry>
		<entry><para>BIND DNSSEC incorrect checks for
		  malformed signatures</para></entry>
	      </row>

	      <row>
		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"
			      >SA-09:05.telnetd</ulink></entry>
		<entry>16&nbsp;February&nbsp;2009</entry>
		<entry><para>telnetd code execution
		  vulnerability</para></entry>
	      </row>

	      <row>
		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:06.ktimer.asc"
			      >SA-09:06.ktimer</ulink></entry>
		<entry>23&nbsp;March&nbsp;2009</entry>
		<entry><para>Local privilege escalation</para></entry>
	      </row>

	      <row>
		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc"
			      >SA-09:07.libc</ulink></entry>
		<entry>04&nbsp;April&nbsp;2009</entry>
		<entry><para>Information leak in &man.db.3;</para></entry>
	      </row>

	      <row>
		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:08.openssl.asc"
			      >SA-09:08.openssl</ulink></entry>
		<entry>22&nbsp;April&nbsp;2009</entry>
		<entry><para>Remotely exploitable crash in
		  OpenSSL</para></entry>
	      </row>
	    </tbody>
	</tgroup>
      </informaltable>
    </sect2>

    <sect2 id="kernel">
      <title>Kernel Changes</title>

      <para>The &man.ddb.8; kernel debugger now supports a
	<command>show mount</command> subcommand.</para>

      <para>The &os; DTrace subsystem now supports a probe for
	process execution.</para>

      <para arch="amd64">The &os; kernel virtual address space has
	been increased to 6GB.  This allows subsystems to use larger
	virtual memory space than before.  For example, &man.zfs.8;
	adaptive replacement cache (ARC) requires large kernel memory
	space to cache file system data, so it benefits from the
	increased address space.  Note that the ceiling on the kernel
	map size is now 60% of the size rather than an absolute
	quantity.</para>

      <para>The &man.jail.8; subsystem has been updated.  Changes include:</para>

      <itemizedlist>
	<listitem>
	  <para>Multiple addresses of both IPv4 and IPv6 per jail has
	    been supported.  It is even possible to have jails without
	    an IP address at all, which basically gives one a chrooted
	    environment with restricted process view and no
	    networking.</para>
	</listitem>

	<listitem>
	  <para>SCTP (&man.sctp.4;) with IPv6 in jails has been
	    implemented.</para>
	</listitem>

	<listitem>
	  <para>Specific CPU binding by using &man.cpuset.1; has been
	    implemented.  Note that the current implementation allows
	    the superuser inside of the jail to change the CPU
	    bindings specified.  This behavior will be fixed in the
	    next release.</para>
	</listitem>

	<listitem>
	  <para>A &man.jail.8; can start with a specific route
	    FIB now.</para>
	</listitem>

	<listitem>
	  <para>A <literal>show jails</literal> subcommand in
	    &man.ddb.8; has been added.</para>
	</listitem>

	<listitem>
	  <para>Compatibility support which permits 32-bit jail
	    binaries to be used on 64-bit systems to manage jails has
	    been added.</para>
	</listitem>

	<listitem>
	  <para>Note that both version numbers of
	    <literal>jail</literal> and <literal>prison</literal> in
	    the &man.jail.8; have been updated for the new
	    features.</para>
	</listitem>
      </itemizedlist>

      <para>The &man.kld.4; now supports installing 32-bit system
	calls to the &os; system call translation layer from kernel
	modules.</para>

      <para>The &man.ktr.4; now supports a new KTR tracepoint in the
	<literal>KTR_CALLOUT</literal> class to note when a callout
	routine finishes executing.</para>

      <para>Types of variables used to track the amount of allocated
	System V shared memory have been changed from
	<literal>int</literal> to <literal>size_t</literal>.  This
	makes it possible to use more than 2 GB of memory for shared
	memory segments on 64-bit architectures.  Please note the new
	BUGS section in &man.shmctl.2; and
	<filename>/usr/src/UPDATING</filename> for limitations of this
	temporary solution.</para>

      <para>The &man.sysctl.3; leaf nodes have a flag to tag
	themselves as MPSAFE now.</para>

      <para>The &os; 32-bit system call translation layer now
	supports installing 32-bit system calls for
	<literal>VFS_AIO</literal>.</para>

      <para arch="amd64,i386">The &os; virtual memory subsystem now
	supports fully transparent use of
	<application>superpages</application> for application memory;
	application memory pages are dynamically promoted to or
	demoted from superpages without any modification to
	application code.  This change offers the benefit of large
	page sizes such as improved virtual memory efficiency and
	reduced TLB (translation lookaside buffer) misses without
	downsides like application changes and virtual memory
	inflexibility.  This is disabled by default and can be enabled
	by setting a loader tunable
	<varname>vm.pmap.pg_ps_enabled</varname> to
	<literal>1</literal>.</para>

      <sect3 id="boot">
	<title>Boot Loader Changes</title>

	<para>The &man.boot.8; now supports 4-byte volume ID that
	  certain versions of &windows; put into the MBR and invoking
	  PXE by pressing F6 key on some supported BIOSes.</para>

	<para arch="i386">The &man.boot.8; BTX loader has been
	  improved.  This fixes several boot issues on recent machines
	  reported for 7.1-RELEASE and before.</para>

	<para>The &man.loader.8; is now able to obtain DHCP options
	  from network boot via &man.kenv.2; variables.</para>

	<para>A bug in the &man.loader.8; has been fixed.  Now the
	  following line works as expected:</para>

	<programlisting>loader_conf_files="<replaceable>foo</replaceable> <replaceable>bar</replaceable> ${<replaceable>variable</replaceable>}"</programlisting>
      </sect3>

      <sect3 id="proc">
	<title>Hardware Support</title>

	<para arch="sparc64">The &os; now supports Ultra SPARC III
	  (Cheetah) processor family.</para>

	<para>The &man.acpi.4; subsystem now supports a &man.sysctl.8;
	  variable <varname>debug.batt.batt_sleep_ms</varname>.  On
	  some laptops with smart batteries, enabling battery
	  monitoring software causes keystrokes from &man.atkbd.4; to
	  be lost.  This sysctl variable adds a delay in millisecond
	  to the status checking code as a workaround.</para>

	<para>The &man.acpi.asus.4; driver now supports Asus A8Sr
	  notebooks.</para>

	<para arch="powerpc">Support for the AltiVec, a floating point
	  and integer SIMD instruction set has been added.</para>

	<para>The &man.cpuctl.4; driver, which provides a special
	  device <filename>/dev/cpuctl</filename> as an interface to
	  the system CPU has been added.  The &man.cpuctl.4;
	  functionality includes the ability to retrieve CPUID
	  information, read/write machine specific registers (MSR),
	  and perform CPU firmware updates.</para>

	<para>The &man.cpufreq.4; driver now supports an
	  <varname>hw.est.msr_info</varname> loader tunable.  When
	  this is set to <literal>1</literal>, it attempts to build a
	  simple list containing just the high and low frequencies if
	  it cannot obtain a frequency list from either ACPI or the
	  static tables.  This is disabled by default.</para>

	<para arch="amd64,i386">CPU frequency change notifiers are now
	  disabled when the TSC is P-state invariant.  Also, a new
	  loader tunable
	  <varname>kern.timecounter.invariant_tsc</varname> has been
	  added to force this behavior by setting it to
	  non-zero.</para>

	<para>The &man.atkbd.4; driver now disables the interrupt
	  handler which is called from the keyboard callback function
	  when polled mode is enabled.  This fixes the problem of
	  duplicated/missing characters at the mountroot prompt on
	  multi CPU systems while &man.kbdmux.4; is enabled.</para>

	<para>In the &man.pci.4; subsystem INTx is now disabled when
	  MSI/MSIX is enabled.  This change fixes interrupt storm
	  related issues.</para>

	<para arch="sparc64">The schizo(4) driver for Schizo
	  Fireplane/Safari to PCI 2.1 and Tomatillo JBus to PCI 2.2
	  bridges has been added.</para>

	<para>The &man.u3g.4; driver for USB based 3G cards and
	  dongles including Vodafone Mobile Connect Card 3G, Qualcomm
	  CDMA MSM, Huawei E220, Novatel U740, Sierra MC875U, and so
	  on has been added.  This provides support for the multiple
	  USB-to-serial interfaces exposed by many 3G USB/PC Card
	  modems, and the device is accessed through the &man.ucom.4;
	  driver which makes it behave like a &man.tty.4;.</para>

	<para>The &man.sched.ule.4; scheduler now supports a loader
	  tunable <varname>machdep.hyperthreading_enabled</varname> as
	  the &man.sched.4bsd.4; does.  Note that it cannot be
	  modified at run-time.</para>

	<sect4 id="mm">
	  <title>Multimedia Support</title>

	  <para>The &man.agp.4; driver now supports Intel G4X series
	    graphics chipsets.</para>

	  <para>The DRM, a kernel module named Direct Rendering
	    Manager that gives direct hardware access to DRI clients,
	    has been updated.  Support for AMD/ATI r500, r600, r700,
	    and IGP based chips, XGI V3XE/V5/V8, and Intel i915
	    chipsets has been improved.</para>

	  <para>A new loader tunable <varname>hw.drm.msi</varname> has
	    been added to control if DRM uses MSI or not.  This is set
	    to <literal>1</literal> (enabled) by default.</para>

	  <para>The snd_au88x0(4) driver for Aureal Vortex
	    1/2/Advantage PCI has been removed because this was
	    broken for a long time.</para>

	  <para>The &man.snd.hda.4; driver has been updated.  This
	    changes include support for multiple codec per HDA bus,
	    multiple functional groups per codec, multiple audio
	    devices per functional group, digital (SPDIF/HDMI) audio
	    input/output, suspend/resume, and part of multichannel
	    audio.</para>

	  <para>Note that due to added HDMI audio and logical audio
	    devices support, the updated driver often provides several
	    PCM devices.  This means that in some cases the system
	    default audio device no longer corresponds to the users's
	    habitual audio connectors.  In such cases the default
	    device can be specified in audio applications' setup or
	    defined globally via <varname>hw.snd.default_unit
	    sysctl</varname>, as described in the &man.sound.4; manual
	    page.</para>
	</sect4>

	<sect4 id="net-if">
	  <title>Network Interface Support</title>

	  <para>The &man.ae.4; driver now supports WoL
	    (Wake on LAN).</para>

	  <para arch="amd64,i386">The &man.ale.4; driver is now
	    included in the <filename>GENERIC</filename>
	    kernel.</para>

	  <para>The &man.ath.hal.4;, Atheros Hardware Access Layer,
	    has been updated to the open source version.</para>

	  <para>The &man.axe.4; driver has been improved in
	    performance by eliminating extra context switches and now
	    supports Apple USB Ethernet adapter.</para>

	  <para>The &man.bce.4; driver's firmware has been updated to
	    the latest version (4.6.X).</para>

	  <para>The ciphy(4) driver now supports Vitesse VSC8211
	    PHY.</para>

	  <para>The &man.cxgb.4; driver has been updated to firmware
	    revision 4.7 and now supports hardware MAC
	    statistics.</para>

	  <para>The &man.fxp.4; driver has been improved.  Changes include:</para>

	  <itemizedlist>
	    <listitem>
	      <para>The checksum offload feature can be controlled by
		&man.ifconfig.8; now.</para>
	    </listitem>

	    <listitem>
	      <para>Rx checksum offload support for 82559 or later
		controllers has been added.</para>
	    </listitem>

	    <listitem>
	      <para>TSO (TCP Segmentation Offload) support for 82550
		and 82551 controllers has been added.</para>
	    </listitem>

	    <listitem>
	      <para>WoL (Wake on LAN) support for 82550, 82551, 82558,
		and 82559-based controllers has been added.  Note that
		ICH based controllers are treated as 82559, and 82557,
		earlier revisions of 82558, and 82559ER have no WoL
		capability.</para>
	    </listitem>

	    <listitem>
	      <para>VLAN hardware tag insertion/stripping support and
		Tx/Rx checksum offload for VLAN frames support have
		been added.  Note that the VLAN hardware assistance is
		available only on 82550 or 82551-based
		controllers.</para>
	    </listitem>
	  </itemizedlist>

	  <para>A bug in the &man.igb.4; driver, which prevents the
	    loader tunable <varname>hw.igb.ave_latency</varname> from
	    working, has been fixed.</para>

	  <para>The &man.ixgbe.4; driver has been updated to
	    version 1.7.4.</para>

	  <para>The &man.jme.4; driver now supports newer JMicron
	    JMC250/JMC260 revisions.</para>

	  <para>The &man.msk.4; driver has been improved.  An issue
	    which makes it hang up in a certain condition has been
	    fixed.  Hardware MAC statistics support has been added
	    and users can get the information via sysctl variables
	    named
	    <varname>dev.msk.<replaceable>N</replaceable>.stats</varname>.</para>

	  <para>The &man.mxge.4; driver now supports some newer
	    revisions and 10GBASE-LRM and 10GBASE-Twinax media
	    types.</para>

	  <para>The &man.nfe.4; driver now supports hardware MAC
	    statistics.</para>

	  <para>The &man.re.4; driver has been improved.  It now
	    detects the link status.  A new loader tunable
	    <varname>hw.re.prefer_iomap</varname> has been added, to
	    disable memory register mapping.  This tunable is
	    <literal>0</literal> for all controllers except RTL8169SC
	    family.</para>

	  <para>The &man.rl.4; driver has been improved.  It now
	    detects the link status and a bug which prevents it from
	    working on systems with more than 4GB memory has been
	    fixed.</para>

	  <para>A bug in &man.sis.4; on VLAN tagged frame handling has
	    been fixed.</para>

	  <para>The &man.txp.4; driver now works on all supported
	    architectures.  Support has been added for &man.altq.4;,
	    WoL, checksum offload when VLAN enabled, and link state
	    change handling has been improved, and new sysctl
	    variables
	    <varname>dev.txp.<replaceable>N</replaceable>.stats</varname>
	    for MAC statistics have been added.  New sysctl variables
	    <varname>dev.txp.<replaceable>N</replaceable>.process_limit</varname>
	    has been added, to control how many received frames should
	    be served in Rx handler (set to 64 by default and valid
	    ranges are 16 to 128 in unit of frames).  The firmware has
	    been updated to the latest version.</para>
	</sect4>
      </sect3>

      <sect3 id="net-proto">
	<title>Network Protocols</title>

	<para>IPv4 source address selection for unbound sockets has
	  been implemented as follows:</para>

	<orderedlist>
	  <listitem>
	    <para>If we found a route, use the address corresponding
	      to the outgoing interface.</para>
	  </listitem>

	  <listitem>
	    <para>Otherwise we assume the foreign address is reachable
	      on a directly connected network and try to find a
	      corresponding interface to take the source address
	      from.</para>
	  </listitem>

	  <listitem>
	    <para>As a last resort use the default jail address.</para>
	  </listitem>
	</orderedlist>

	<para>This also changes the semantics of selecting the IP for
	  processes within a &man.jail.8; as it now uses the same
	  logic as outside the &man.jail.8;.</para>

	<para>The TCP MD5 Signature Option (RFC 2385) for IPv6 has
	  been implemented in the same way it has been implemented for
	  IPv4.</para>

	<para>The &man.ng.netflow.4; Netgraph node now includes
	 support for generating egress netflow instead or in addition
	 to ingress.  An <literal>NGM_NETFLOW_SETCONFIG</literal>
	 control message has been added to control the new
	 functionality.</para>

	<para>The &man.tap.4; Ethernet tunnel software network
	  interface now supports a new <literal>TAPGIFNAME</literal>
	  character device ioctl.  This is a convenient shortcut to
	  obtain the network interface name using a file descriptor to
	  a character device.</para>

	<para>The &man.tap.4; now supports
	  <literal>SIOCSIFMTU</literal> ioctl to set a higher MTU than
	  1500 (ETHERMTU).  This allows &man.tap.4; devices to be
	  added to the same bridge (which requires all interface
	  members to have the same MTU) with an interface configured
	  for jumbo frames.</para>

	<para>The domains list for handling the list of supported
	  domains in the &man.unix.4; (UNIX domain protocol family)
	  subsystem is now MPSAFE.</para>
      </sect3>

      <sect3 id="disks">
	<title>Disks and Storage</title>

	<para>The &man.ata.4; driver now supports Marvell PATA M88SX6121.</para>

	<para>The &man.ata.4; driver now recognizes nForce MCP67 and
	  MCP73 SATA controllers as AHCI.</para>

	<para>The &man.ataraid.4; driver now includes preliminary support
	  for DDF metadata found on Adaptec HostRAID controllers.
	  Note that spares and rebuilds are not supported yet.</para>

	<para>The &man.cam.4; SCSI subsystem now supports a new sysctl
	  variable <varname>kern.cam.cd.retry_count</varname>.  This
	  controls the number of retries for the CD media.  When
	  trying to read scratched or damaged CDs and DVDs, the
	  default mechanism is sub-optimal, and programs like
	  <application>ddrescue</application> do much better if you
	  turn off the retries entirely since their algorithms do it
	  by themselves.  This value is set to <literal>4</literal>
	  (for a total of 5 attempts) by default.  Setting it to
	  <literal>0</literal> turns off all retry attempts.</para>

	<para>A bug in the &man.ciss.4; driver which caused low
	  <quote>max device openings</quote> count and led to poor
	  performance has been fixed.</para>

	<para>The &man.glabel.8; GEOM class now supports a new
	  UFS-based label called <literal>ufsid</literal> that can be
	  used to reference UFS-carrying devices by the unique file
	  system ID.  This file system ID is automatically generated
	  and detected when the &man.glabel.8; GEOM class is enabled.  An
	  example of this new label is:
	  <filename>/dev/ufsid/48e69c8b5c8e1b43</filename>.  The
	  benefit of using GEOM labels in general is to avoid problems
	  of device renaming when shifting drives or
	  controllers.</para>

	<para>The &man.gjournal.8; GEOM class now supports the root
	  file system.  Previously, an unclean shutdown would make it
	  impossible to mount the root file system at boot.</para>

	<para>The &man.gpart.8; utility has been updated.  The APM
	  scheme now supports Tivo Series 1 partitions (read only), a
	  new EBR scheme to support Extended Boot Records has been
	  added, the BSD scheme now support bootcode, and bugs in the
	  PC98 and VTOC8 schemes have been fixed.</para>

	<para>An issue in &man.gvinum.8; with access permissions
	  to underlying disks used by a gvinum plex has been fixed.
	  If the plex is a raid5 plex and is being written to, parity data might
	  have to be read from the underlying disks, requiring them to be opened for
	  reading as well as writing.</para>

	<para>The &man.hptmv.4; driver has been updated to version
	  1.16 from the vendor.</para>

	<para>The &man.mmc.4; and &man.mmcsd.4; drivers now support MMC
	  and SDHC cards, high speed timing, wide bus, and multiblock
	  transfers.</para>

	<para arch="sparc64">The &man.mpt.4; driver is now in the
	  <filename>GENERIC</filename> kernel.</para>

	<para>The &man.sdhci.4; driver has been added.  This supports
	  PCI devices with class 8 and subclass 5 according to the SD
	  Host Controller Specification.</para>

	<para>The &man.sdhci.4; driver now supports kernel dumping and
	  a sysctl variable <varname>hw.sdhci.debug</varname> for debug
	  level.</para>

	<para>The &man.twa.4; driver now supports 64-bit DMA.</para>

	<para>The &man.mmc.4; &man.mmcsd.4;, and &man.sdhci.4; driver
	  are now included as kernel modules.</para>
      </sect3>

      <sect3 id="fs">
	<title>File Systems</title>

	<para>The semantics of &man.acl.3; extended access control
	  lists has been changed as follows:</para>

	<itemizedlist>
	  <listitem>
	    <para>The inode modification time (mtime) is not updated
	      when extended attributes are added, modified, or removed.</para>
	  </listitem>

	  <listitem>
	    <para>The inode access time (atime) is not updated
	      when extended attributes are queried.</para>
	  </listitem>
	</itemizedlist>

	<para>The &os; NFS file system now supports a sysctl variable
	  <varname>vfs.nfs.prime_access_cache</varname> to determine
	  whether or not <function>nfs_getattr()</function> will use
	  an ACCESS RPC to prime the access cache instead of a simple
	  GETATTR RPC.  This is because on many NFS servers an ACCESS
	  RPC is much more expensive to service than a GETATTR RPC for
	  files in an NFSv3 mount.  The sysctl variable is enabled by
	  default to maintain the previous behavior.</para>

	<para>The &os; UDF file system now supports a fifo.</para>

	<para>The shared vnode locking for pathname lookups in
	  the &man.VFS.9; subsystem has been improved.  This is disabled
	  by default.  Setting a sysctl variable
	  <varname>vfs.lookup_shared</varname> to <literal>1</literal>
	  enables it for better performance.  Note that the
	  <literal>LOOKUP_SHARED</literal> kernel option equivalent to
	  the sysctl variable has been removed.</para>
      </sect3>
    </sect2>

    <sect2 id="userland">
      <title>Userland Changes</title>

      <para>A bug in the &man.atacontrol.8; utility, which prevents it
	from working when <filename>/usr</filename> is not mounted or
	invoked from <filename>/rescue</filename>, has been
	fixed.</para>

      <para>The &man.btpand.8; daemon from NetBSD has been added.
	This daemon provides support for Bluetooth Network Access
	Point (NAP), Group Ad-hoc Network (GN) and Personal Area
	Network User (PANU) profiles.</para>

      <para>The &man.ncal.1; utility now supports multibyte
	characters.</para>

      <para>The &man.config.8; utility now supports
	multiple <varname>makeoption</varname> lines.</para>

      <para>The &man.csup.1; utility now supports CVSMode to fetch a
	complete CVS repository.  Note that the rsync transfer mode is
	currently disabled.</para>

      <para>The &man.dirname.1; utility now accepts multiple arguments
	in the same way that &man.basename.1; does.</para>

      <para>The &man.du.1; utility now supports an <option>-l</option>
	flag.  When specified, the &man.du.1; utility counts a file
	with multiple hard links as multiple different files.</para>

      <para>The &man.du.1; utility now supports an <option>-A</option> flag
	to display the apparent size instead of the disk usage.  This can be
	helpful when operating on compressed volumes or sparse files.</para>

      <para>The &man.du.1; utility now supports a <option>-B
	<replaceable>blocksize</replaceable></option> option to
	calculate block counts in blocks of
	<replaceable>blocksize</replaceable> bytes.  This is different
	from the <option>-k</option> or <option>-m</option> options or
	setting <varname>BLOCKSIZE</varname> and gives an estimate of
	how much space the examined file hierarchy would require on a
	file system with the given
	<replaceable>blocksize</replaceable>.  Unless in
	<option>-A</option> mode, <replaceable>blocksize</replaceable>
	is rounded up to the next multiple of 512.</para>

      <para>The &man.dumpfs.8; utility now supports an
	<option>-f</option> flag, which causes it to list all free
	fragments in the file system by fragment (block) number.  This
	new mode does the necessary arithmetic to generate absolute
	fragment numbers rather than the cg-relative numbers printed
	in the default mode.</para>

      <para>If <option>-f</option> is passed once, contiguous fragment
	ranges are collapsed into an X-Y format as free block lists
	are currently printed in regular dumpfs output.  If specified
	twice, all block numbers are printed individually, allowing
	both compact and more script-friendly representation.</para>

      <para>The &man.fetch.1; utility now supports an
	<option>-i</option> flag which supports the If-Modified-Since
	HTTP 1.1 request.  If specified it will cause the file to be
	downloaded only if it is more recent than the mtime of the
	local file.  Also, <application>libfetch</application> now
	accepts the mtime in the url structure and a flag to indicate
	when this behavior is desired.</para>

      <para>The &man.fsck.8; utility now supports a
	<option>-C</option> flag for <literal>check clean</literal>
	mode.  This checks if the file system was dismounted cleanly
	first and then skip file system checks if true.  Otherwise it
	does full checks.</para>

      <para>The &man.fsck.8; utility now supports a
	<option>-D</option> flag for damaged recovery mode, which will
	enable certain aggressive operations that can make
	&man.fsck.8; to survive with file systems that has very
	serious data damage.  This is a useful last resort when on
	disk data damage is very serious and causes &man.fsck.8; to
	crash.</para>

      <para>The &man.getaddrinfo.3; function now supports SCTP.</para>

      <para>A bug was fixed in the &man.ipfw.8; utility which displays
	extra messages for a NAT rule even when a <option>-q</option>
	flag is specified.</para>

      <para>The &man.ln.1; utility now supports a <option>-w</option>
	flag to check if the source file actually exists.  When the
	flag is specified and the file does not exist, &man.ln.1; will
	issue a warning message.</para>

      <para>The &man.make.1; utility now supports a
	<option>-p</option> flag to print the input graph only,
	without executing any commands.  The output is the same as
	<option>-d g1</option>.  When combined with <option>-f
	/dev/null</option>, only the built-in rules of make are
	displayed.</para>

      <para>The &man.make.1; utility now supports a
	<option>-Q</option> flag to cause file banners not to be
	generated in addition to the same effect of a
	<option>-q</option> flag when a <option>-j</option> option is
	specified.</para>

      <para>The &man.make.1; utility now supports the
	<varname>.MAKE.JOB.PREFIX</varname> variable.  If
	<option>-j</option> and <option>-v</option> are specified, its
	output for each target is prefixed with a token <literal>---
	  <replaceable>target</replaceable> ---</literal> the first part
	of which can be controlled via the variable.</para>

      <para>The &man.make.1; utility now supports
	<varname>.MAKE.PID</varname> and <varname>.MAKE.PPID</varname>
	variable.  These are set to process ID of the &man.make.1;
	process and its parent process respectively.</para>

      <para>The &man.makefs.8; utility to create a file system image
	from a directory tree has been added.</para>

      <para>The &man.mergemaster.8; utility now supports an
	<option>-F</option> option to automatically install files that
	differ only in their version control ID strings.</para>

      <para>The &man.mount.8; utility now supports an <option>-o
	mountprog=<replaceable>/somewhere/mount_xxx</replaceable></option>
	option to force it to use the specified program to mount the
	file system instead of calling &man.nmount.2; directly.  This
	is useful when you want to use third party programs such as
	FUSE, for example.</para>

      <para>The &man.netstat.1; utility now reports &man.unix.4;
	sockets' listen queue statistics when an <option>-L</option>
	flag is specified.</para>

      <para>A bug in the &man.netstat.1; utility has been fixed.  It
	crashed with the following options in the previous
	versions:</para>

      <screen>&prompt.user; netstat -m -N foo</screen>

      <para>A bug in the &man.netstat.1; utility has been fixed.  The
	<option>-ss</option> option now works in the icmp6 section as
	expected.</para>

      <para>The &man.pciconf.8; utility now supports a
	<option>-b</option> flag, which lists any base address
	registers (BAR) that are assigned resources for each
	device.</para>

      <para>The &man.powerd.8; program has been improved.  Changes
	include reasonable CPU load estimation on SMP systems and a
	new mode named as <literal>hiadaptive</literal> for AC-powered
	systems.  The <literal>hiadaptive</literal> mode raises the
	CPU frequency twice as fast as <literal>adaptive</literal>, it
	drops the CPU frequency 4 times slower, prefers twice lower
	CPU load and has an additional delay before leaving the
	highest frequency after the period of maximum load.</para>

      <para>The &man.stat.1; utility now displays an octal
	representation of suid, sgid and sticky bits when the
	<option>-x</option> flag is specified.</para>

      <para>The &man.strndup.3; function has been added.</para>

      <para>The &man.wc.1; utility now supports an <option>-L</option>
	flag to output the number of characters in the longest input
	line.</para>

      <para>A bug in the &man.rpc.yppasswdd.8; program, which causes
	it to leave a zombie process when a password or default shell
	is changed, has been fixed.</para>

<!--
      <sect3 id="rc-scripts">
	<title><filename>/etc/rc.d</filename> Scripts</title>

	<para></para>
      </sect3>
-->
    </sect2>

    <sect2 id="contrib">
      <title>Contributed Software</title>

      <para><application>ISC BIND</application> has been updated to
	version 9.4.3-P2.</para>

      <para>The timezone database has been updated from
	the <application>tzdata2008h</application> release to
	the <application>tzdata2009f</application> release.</para>
    </sect2>

    <sect2 id="ports">
      <title>Ports/Packages Collection Infrastructure</title>

      <para>A bug in the &man.pkg.create.1; utility, which prevents
	the <option>-n</option> flag from working has been
	fixed.</para>

      <para>The &os; Ports Collection now supports multiple
	&man.make.1; jobs in some supported ports.  This is
	automatically enabled when a port is marked as
	<varname>MAKE_JOBS_SAFE</varname> and improves CPU utilization
	at the build stage by passing an option
	<option>-j<replaceable>X</replaceable></option> to the top
	level <filename>Makefile</filename> from the vendor.  The
	number <replaceable>X</replaceable> is set to the number of
	CPUs by default, and can be set by users via a &man.make.1;
	variable <varname>MAKE_JOBS_NUMBER</varname>.  For more
	details, see <filename>ports/Mk/bsd.port.mk</filename>.</para>
    </sect2>

    <sect2 id="releng">
      <title>Release Engineering and Integration</title>

      <para>The supported version of
	the <application>GNOME</application> desktop environment
	(<filename role="package">x11/gnome2</filename>) has been
	updated from 2.22 to 2.26.</para>

      <para>The supported version of
	the <application>KDE</application> desktop environment has
	been updated from 3.5.10 (<filename
	role="package">x11/kde3</filename>) to 4.2.2 (<filename
	role="package">x11/kde4</filename>).</para>
    </sect2>

<!--
    <sect2 id="doc">
      <title>Documentation</title>

      <para></para>
    </sect2>
-->
  </sect1>

  <sect1 id="upgrade">
    <title>Upgrading from previous releases of &os;</title>

    <para arch="amd64,i386">Beginning with &os; 6.2-RELEASE, binary
      upgrades between RELEASE versions (and snapshots of the various
      security branches) are supported using the
      &man.freebsd-update.8; utility.  The binary upgrade procedure
      will update unmodified userland utilities, as well as unmodified
      GENERIC or SMP kernels distributed as a part of an official &os;
      release.  The &man.freebsd-update.8; utility requires that the
      host being upgraded has Internet connectivity.</para>

    <para>An older form of binary upgrade is supported through the
      <command>Upgrade</command> option from the main
      &man.sysinstall.8; menu on CDROM distribution media.  This type
      of binary upgrade may be useful on non-&arch.i386;,
      non-&arch.amd64; machines or on systems with no Internet
      connectivity.</para>

    <para>Source-based upgrades (those based on recompiling the &os;
      base system from source code) from previous versions are
      supported, according to the instructions in
      <filename>/usr/src/UPDATING</filename>.</para>

    <important>
      <para>Upgrading &os; should, of course, only be attempted after
	backing up <emphasis>all</emphasis> data and configuration
	files.</para>
    </important>
  </sect1>
</article>