FreeBSD 8.3-RELEASE Release Notes
The FreeBSD Project
Copyright (c) 2012 The FreeBSD Documentation Project
$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/article.sgml,v
1.1101.2.29.2.4 2012/04/09 04:44:39 hrs Exp $
FreeBSD is a registered trademark of the FreeBSD Foundation.
IBM, AIX, EtherJet, Netfinity, OS/2, PowerPC, PS/2, S/390, and
ThinkPad are trademarks of International Business Machines
Corporation in the United States, other countries, or both.
IEEE, POSIX, and 802 are registered trademarks of Institute of
Electrical and Electronics Engineers, Inc. in the United States.
Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and
Xeon are trademarks or registered trademarks of Intel Corporation
or its subsidiaries in the United States and other countries.
SPARC, SPARC64, SPARCengine, and UltraSPARC are trademarks of
SPARC International, Inc in the United States and other countries.
SPARC International, Inc owns all of the SPARC trademarks and
under licensing agreements allows the proper use of these
trademarks by its members.
Many of the designations used by manufacturers and sellers to
distinguish their products are claimed as trademarks. Where those
designations appear in this document, and the FreeBSD Project was
aware of the trademark claim, the designations have been followed
by the "(TM)" or the "(R)" symbol.
The release notes for FreeBSD 8.3-RELEASE contain a summary of the
changes made to the FreeBSD base system on the 8.2-STABLE
development line. This document lists applicable security
advisories that were issued since the last release, as well as
significant changes to the FreeBSD kernel and userland. Some brief
remarks on upgrading are also presented.
--------------------------------------------------------------
Table of Contents
1 Introduction
2 What's New
2.1 Security Advisories
2.2 Kernel Changes
2.2.1 Hardware Support
2.2.2 Network Protocols
2.2.3 Disks and Storage
2.2.4 File Systems
2.3 Userland Changes
2.4 Contributed Software
2.5 Ports/Packages Collection Infrastructure
3 Upgrading from previous releases of FreeBSD
1 Introduction
This document contains the release notes for FreeBSD 8.3-RELEASE.
It describes recently added, changed, or deleted features of
FreeBSD. It also provides some notes on upgrading from previous
versions of FreeBSD.
This distribution of FreeBSD 8.3-RELEASE is a release
distribution. It can be found at ftp://ftp.FreeBSD.org/ or any of
its mirrors. More information on obtaining this (or other) release
distributions of FreeBSD can be found in the "Obtaining FreeBSD"
appendix to the FreeBSD Handbook.
All users are encouraged to consult the release errata before
installing FreeBSD. The errata document is updated with
"late-breaking" information discovered late in the release cycle
or after the release. Typically, it contains information on known
bugs, security advisories, and corrections to documentation. An
up-to-date copy of the errata for FreeBSD 8.3-RELEASE can be found
on the FreeBSD Web site.
--------------------------------------------------------------
2 What's New
This section describes the most user-visible new or changed
features in FreeBSD since 8.2-RELEASE.
Typical release note items document recent security advisories
issued after 8.2-RELEASE, new drivers or hardware support, new
commands or options, major bug fixes, or contributed software
upgrades. They may also list changes to major ports/packages or
release engineering practices. Clearly the release notes cannot
list every single change made to FreeBSD between releases; this
document focuses primarily on security advisories, user-visible
changes, and major architectural improvements.
--------------------------------------------------------------
2.1 Security Advisories
Problems described in the following security advisories have been
fixed. For more information, consult the individual advisories
available from http://security.FreeBSD.org/.
Advisory Date Topic
SA-11:01.mountd 20 April 2011 Network ACL mishandling in
mountd(8)
BIND remote DoS with large
SA-11:02.bind 28 May 2011 RRSIG RRsets and negative
caching
Errors handling corrupt
SA-11:04.compress 28 September 2011 compress file in compress(1)
and gzip(1)
SA-11:05.unix 28 September 2011 Buffer overflow in handling of
UNIX socket addresses
Remote packet Denial of
SA-11:06.bind 23 December 2011 Service against named(8)
servers
SA-11:07.chroot 23 December 2011 Code execution via chrooted
ftpd
SA-11:08.telnetd 23 December 2011 telnetd code execution
vulnerability
pam_ssh improperly grants
SA-11:09.pam_ssh 23 December 2011 access when user account has
unencrypted SSH private keys
SA-11:10.pam 23 December 2011 pam_start() does not validate
service names
--------------------------------------------------------------
2.2 Kernel Changes
[amd64, i386] The FreeBSD dtrace(1) framework now supports
systrace for system calls of linux32 and freebsd32 on
FreeBSD/amd64. Two new systrace_linux32 and systrace_freebsd32
kernel modules provide support for tracing compat system calls in
addition to the native system call tracing provided by the
systrace module.[r219107]
The hhook(9) (Helper Hook) and khelp(9) (Kernel Helpers) KPIs have
been implemented. These are a kind of superset of pfil(9)
framework for more general use in the kernel. The hhook(9) KPI
provides a way for kernel subsystems to export hook points that
khelp(9) modules can hook to provide enhanced or new functionality
to the kernel. The khelp(9) KPI provides a framework for managing
khelp(9) modules, which indirectly use the hhook(9) KPI to
register their hook functions with hook points of interest within
the kernel. These allow a structured way to dynamically extend the
kernel at runtime in an ABI preserving manner.[r222406]
[amd64, i386, pc98] A loader(8) tunable hw.memtest.tests has been
added. This controls whether to perform memory testing at boot
time or not. The default value is 1 (perform a memory
test).[r230282]
The open(2) and fhopen(2) system calls now support the O_CLOEXEC
flag, which allows setting the FD_CLOEXEC flag for the newly
created file descriptor. This is standardized in IEEE Std
1003.1-2008 (POSIX, Single UNIX Specification Version 4).[r220241]
The posix_fallocate(2) system call has been implemented. This is a
function in POSIX to ensure that a part of the storage for regular
file data is allocated on the file system storage media.[r227573]
The posix_fadvise(2) system call has been implemented. This is a
function in POSIX similar to madvise(2) except that it operates on
a file descriptor instead of a memory region.[r229725]
--------------------------------------------------------------
2.2.1 Hardware Support
The FreeBSD usb(4) subsystem now supports USB packet filter. This
allows to capture packets which go through each USB host
controller. The implementation is almost based on bpf(4) code. The
userland program usbdump(8) has been added.[r221174]
--------------------------------------------------------------
2.2.1.1 Network Interface Support
The cxgb(4) driver has been updated to version 7.11.0.[r220340]
A cxgbe(4) driver for Chelsio T4 (Terminator 4) based 10Gb/1Gb
adapters has been added.[r219633]
[i386] The dc(4) driver now works correctly in kernels with the
PAE option.[r220072]
The em(4) driver has been updated to version 7.3.2.[r230848]
The igb(4) driver has been updated to version 2.3.1.[r230848]
The igb(4) driver now supports Intel I350 PCIe Gigabit Ethernet
controllers.[r230848]
The ixgbe(4) driver has been updated to version 2.4.5.[r230924]
Firmware images in the iwn(4) driver for 1000, 5000, 6000, and
6500 series cards have been updated.[r223255]
The msk(4) driver now supports RX checksum offloading for Yukon
EC, Yukon Ultra, Yukon FE and Yukon Ultra2. The checksum
offloading for Yukon XL was still disabled due to known silicon
bug.[r223394]
A bug in the nfe(4) driver which could prevent reinitialization
after changing the MTU has been fixed.[r218872]
A rdcphy(4) driver for RDC Semiconductor R6040 10/100 PHY has been
added.[r218294]
The re(4) driver now supports RTL8168E/8111E-VL PCIe Gigabit
Ethernet controllers and RTL8401E PCIe Fast Ethernet
controllers.[r218901, r219116]
The re(4) driver now supports TX interrupt moderation on RTL810xE
PCIe Fast Ethernet controllers.[r218905]
The re(4) driver now supports another mechanism for RX interrupt
moderation because of performance problems. A sysctl(8) variable
dev.re.N.int_rx_mod has been added to control amount of time to
delay RX interrupt processing, in units of microsecond. Setting it
to 0 completely disables RX interrupt moderation. A loader(8)
tunable hw.re.intr_filter controls whether the old mechanism
utilizing MSI/MSI-X capability on supported controllers is used or
not. When set to a non-zero value, the re(4) driver uses the old
mechanism. The default value is 0 and this tunable has no effect
on controllers without MSI/MSI-X capability.[r219110]
The re(4) driver now supports TSO (TCP Segmentation Offload) on
RealTek RTL8168/8111 C or later controllers. Note that this is
disabled by default because broken frames can be sent under
certain conditions.[r218897]
The re(4) driver now supports enabling TX and/or RX checksum
offloading independently from each other. Note that TX IP checksum
is disabled on some RTL8168C-based network interfaces because it
can generate an incorrect IP checksum when the packet contains IP
options.[r218899, r219114]
The re(4) driver now supports RTL8105E PCIe Fast Ethernet
controllers.[r229530]
A vte(4) driver for RDC R6040 Fast Ethernet controllers, which are
commonly found on the Vortex86 System On a Chip, has been
added.[r218296]
--------------------------------------------------------------
2.2.2 Network Protocols
ipfw(8) now supports the call and return actions. Upon the call
number action, the current rule number is saved in the internal
stack and ruleset processing continues with the first rule
numbered number or higher. The return action takes the rule number
saved to internal stack by the latest call action and returns
ruleset processing to the first rule with number greater than that
saved number.[r230575]
FreeBSD's ipsec(4) support now uses half of the hash size as the
authenticator hash size in Hashed Message Authentication Mode
(HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512) as described in RFC
4868. This was a fixed 96-bit length in prior releases because the
implementation was based on an old Internet draft
draft-ietf-ipsec-ciph-sha-256-00. Note that this means 8.3-RELEASE
and later are no longer interoperable with the older FreeBSD
releases.[r221157]
A bug in the IPV6_PKTINFO option used in sendmsg(2) has been
fixed. The IPV6_USE_MIN_MTU state set by setsockopt(2) was
ignored.[r232560]
The FreeBSD TCP/IP network stack now supports the mod_cc(9)
pluggable congestion control framework. This allows TCP congestion
control algorithms to be implemented as dynamically loadable
kernel modules. The following kernel modules are available as of
8.3-RELEASE: cc_chd(4) for the CAIA-Hamilton-Delay algorithm,
cc_cubic(4) for the CUBIC algorithm, cc_hd(4) for the
Hamilton-Delay algorithm, cc_htcp(4) for the H-TCP algorithm,
cc_newreno(4) for the NewReno algorithm, and cc_vegas(4) for the
Vegas algorithm. The default algorithm can be set by a new
sysctl(8) variable net.inet.tcp.cc.algorithm. The value must be
set to one of the names listed by net.inet.tcp.cc.available, and
newreno is the default set at boot time. For more detail, see the
mod_cc(4) and mod_cc(9) manual pages.[r222401, r222402, r222403,
r222404, r222406, r222407, r222408, r222409, r222411, r222412,
r222413, r222419, r225738]
An h_ertt(4) (Enhanced Round Trip Time) khelp(9) module has been
added. This module allows per-connection, low noise estimates of
the instantaneous RTT in the TCP/IP network stack with a robust
implementation even in the face of delayed acknowledgments and/or
TSO (TCP Segmentation Offload) being in use for a
connection.[r222410]
A new tcp(4) socket option TCP_CONGESTION has been added. This
allows to select or query the congestion control algorithm that
the TCP/IP network stack will use for connections on the
socket.[r222401]
The ng_ipfw(4) netgraph(4) node now supports IPv6.[r225876]
The ng_one2many(4) netgraph(4) node now supports the XMIT_FAILOVER
transmit algorithm. This makes packets deliver out of the first
active many hook.[r219660]
--------------------------------------------------------------
2.2.3 Disks and Storage
The ada(4) driver now supports write cache control. A new
sysctl(8) variable kern.cam.ada.write_cache determines whether the
write cache of ada(4) devices is enabled or not. Setting to 1
enables and 0 disables the write cache, and -1 leaves the device
default behavior. sysctl(8) variables kern.cam.ada.N.write_cache
can override the configuration in a per-device basis (the default
value is -1, which means to use the global setting). Note that the
value can be changed at runtime, but it takes effect only after a
device reset.[r220841]
The arcmsr(4) driver has been updated to version
1.20.00.22.[r224991]
The graid(8) GEOM class has been added. This is a replacement of
the ataraid(4) driver supporting various BIOS-based software
RAID.[r223177]
The mxge(4) driver has been updated.[r224235]
A tws(4) driver for 3ware 9750 SATA+SAS 6Gb/s RAID controllers has
been added.[r226243]
--------------------------------------------------------------
2.2.4 File Systems
The FreeBSD Fast File System now supports the TRIM command when
freeing data blocks. A new flag -t in the newfs(8) and tunefs(8)
utilities sets the TRIM-enable flag for a file system. The
TRIM-enable flag makes the file system send a delete request to
the underlying device for each freed block. The TRIM command is
specified as a Data Set Management Command in the ATA8-ACS2
standard to carry the information related to deleted data blocks
to a device, especially for a SSD (Solid-State Drive) for
optimization.[r218079]
A new flag -E has been added to the newfs(8) and fsck_ffs(8)
utilities. This clears unallocated blocks, notifying the
underlying device that they are not used and that their contents
may be discarded. This is useful in fsck_ffs(8) for file systems
which have been mounted on systems without TRIM support, or with
TRIM support disabled, as well as filesystems which have been
copied from one device to another.[r225296]
The FreeBSD NFS subsystem now supports a nocto mount option. This
disables the close-to-open cache coherency check at open time.
This option may improve performance for read-only mounts, but
should only be used only if the data on the server changes rarely.
The mount_nfs(8) utility now also supports this flag
keyword.[r221759]
A loader(8) tunable vfs.typenumhash has been added. Setting this
to 1 enables to use a hash calculation on the file system
identification number internally used in the kernel. This fixes
the "Stale NFS file handle" error on NFS clients when upgrading or
rebuilding the kernel on the NFS server due to unexpected change
of these identification number values. Note that this is set to 0
(disable) by default for backward compatibility.[r226926]
The FreeBSD ZFS subsystem has been updated to the SPA (Storage
Pool Allocator, also known as zpool) version 28. It now supports
data deduplication, triple parity RAIDZ (raidz3), snapshot holds,
log device removal, zfs diff, zpool split, zpool import -F, and
read-only zpool import.[r222741]
--------------------------------------------------------------
2.3 Userland Changes
The bsdtar(1) and cpio(1) utilities are now based on libarchive
version 2.8.5.[r229589]
The cpuset(1) utility now supports a -C flag to create a new
cpuset and assign an existing process into that set, and an all
keyword in the -l cpu-list option to specify all CPUs in the
system.[r218033]
A bug in the fetch(1) utility which could prevent the STAT FTP
command from working properly has been fixed.[r221764]
The gpart(8) utility now supports a -p flag to the show
subcommand. This allows showing providers' names of partitions
instead of the partitions' indexes.[r219861]
The hastd(8) utility now drops root privileges of the worker
processes to the hast user.[r220104]
The hastd(8) utility now supports a checksum keyword to specify
the checksum algorithm in a resource section. As of 8.3-RELEASE,
none, sha256, and crc32 are supported.[r220104]
The hastd(8) utility now supports a compression keyword to specify
the compression algorithm in a resource section. As of
8.3-RELEASE, none, hole and lzf are supported.[r220104]
The hastd(8) utility now supports a source keyword to specify the
local address to bind to before connecting the remote hastd(8)
daemon.[r220104]
A readline(3) API set has been imported into libedit. This is
based on NetBSD's implementation and BSD licensed utilities now
use it instead of GNU libreadline.[r220612]
The makefs(8) utility now supports the ISO 9660 format.[r224447]
libmd and libcrypt now support the SHA-256 and SHA-512
algorithms.[r231588]
The netstat(1) utility now does not expose the internal scope
address representation used in the FreeBSD kernel, which is
derived from KAME IPv6 stack, in the results of netstat -ani and
netstat -nr.[r219062]
The newsyslog(8) utility now supports xz(1) compression. An X flag
in the optional field has been added to specify the
compression.[r218911]
A poweroff(8) utility has been added. This is equivalent
to:[r224259]
# shutdown -p now
The ppp(8) utility now supports iface name name and iface
description description commands. These have the same
functionalities as the name and description subcommands of the
ifconfig(8) utility.[r224285]
The ps(1) utility now supports -o usertime and -o systime options
to display accumulated system and user CPU time,
respectively.[r219943]
The rtadvd(8) daemon now supports a noifprefix keyword to disable
gathering on-link prefixes from interfaces when no addr keyword is
specified. An entry in /etc/rtadvd.conf with noifprefix and no
addr generates an RA message with no prefix information
option.[r231802]
The rtadvd(8) daemon now supports the RDNSS and DNSSL options
described in RFC 6106, "IPv6 Router Advertisement Options for DNS
Configuration". A rtadvctl(8) utility to control the rtadvd(8)
daemon has been added.[r231802]
A bug in the tftpd(8) daemon has been fixed. It had an
interoperability issue when transferring a large file.[r227083]
The zpool(8): utility now supports a zpool labelclear command.
This allows to wipe the label data from a drive that is not active
in a pool.[r229570]
--------------------------------------------------------------
2.4 Contributed Software
The awk has been updated to the 7 August 2011 release.
ISC BIND has been updated to version 9.6-ESV-R5-P1.
The netcat utility has been updated to version 4.9.
GNU GCC and libstdc++ have been updated to rev 127959 of
gcc-4_2-branch (the last GPLv2-licensed version).[r221274]
The LESS program has been updated to version v444.[r223454]
The OpenSSH utility has been updated to 5.4p1, and optimization
for large bandwidth-delay product connection and none cipher
support have been merged[r228152]
sendmail has been updated to version 8.14.5.[r223315]
The timezone database has been updated to the tzdata2011n
release.[r226977]
The unifdef(1) utility has been updated to version 2.5.6.
The xz program has been updated from 5.0.0 to 5.0.1.[r219219]
--------------------------------------------------------------
2.5 Ports/Packages Collection Infrastructure
The supported version of the KDE desktop environment (x11/kde4)
has been updated from 4.5.5 to 4.7.4.
--------------------------------------------------------------
3 Upgrading from previous releases of FreeBSD
[amd64, i386] Upgrades between RELEASE versions (and snapshots of
the various security branches) are supported using the
freebsd-update(8) utility. The binary upgrade procedure will
update unmodified userland utilities, as well as unmodified
GENERIC kernel distributed as a part of an official FreeBSD
release. The freebsd-update(8) utility requires that the host
being upgraded has Internet connectivity.
An older form of binary upgrade is supported through the Upgrade
option from the main sysinstall(8) menu on CDROM distribution
media. This type of binary upgrade may be useful on non-i386,
non-amd64 machines or on systems with no Internet connectivity.
Source-based upgrades (those based on recompiling the FreeBSD base
system from source code) from previous versions are supported,
according to the instructions in /usr/src/UPDATING.
Important: Upgrading FreeBSD should, of course, only be
attempted after backing up all data and configuration files.
--------------------------------------------------------------
This file, and other release-related documents, can be downloaded from
ftp://ftp.FreeBSD.org/.
For questions about FreeBSD, read the documentation before contacting
<questions@FreeBSD.org>.
For questions about this documentation, e-mail <doc@FreeBSD.org>.