FreeBSD 8.4-RELEASE Release Notes

The FreeBSD Project

FreeBSD is a registered trademark of the FreeBSD Foundation.

IBM, AIX, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.

IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.

Intel, Celeron, Centrino, Core, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

SPARC, SPARC64, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. SPARC International, Inc owns all of the SPARC trademarks and under licensing agreements allows the proper use of these trademarks by its members.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the “™” or the “®” symbol.

Last modified on 2015-02-05 by gjb.

The release notes for FreeBSD 8.4-RELEASE contain a summary of the changes made to the FreeBSD base system on the 8.4-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.


Table of Contents
1. Introduction
2. What's New
3. Upgrading from previous releases of FreeBSD

1. Introduction

This document contains the release notes for FreeBSD 8.4-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.

The snapshot distribution to which these release notes apply represents a point along the 8.4-STABLE development branch between 8.3-RELEASE and the future 8.5-RELEASE. Information regarding pre-built, binary snapshot distributions along this branch can be found at .

All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 8.4-RELEASE can be found on the FreeBSD Web site.

2. What's New

This section describes the most user-visible new or changed features in FreeBSD since 8.3-RELEASE.

Typical release note items document recent security advisories issued after 8.3-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.

2.1. Security Advisories

Problems described in the following security advisories have been fixed. For more information, consult the individual advisories available from

FreeBSD-SA-13:07.bind (26 July 2013)

Denial of Service vulnerability in named(8)

FreeBSD-SA-13:09.ip_multicast (21 August 2013)

Integer overflow in computing the size of a temporary buffer can result in a buffer which is too small for the requested operation

FreeBSD-SA-13:10.sctp (21 August 2013)

Fix a bug that could lead to kernel memory disclosure with SCTP state cookie

FreeBSD-SA-13:12.ifioctl (10 September 2013)

In IPv6 and NetATM, stop SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK at the socket layer rather than pass them on to the link layer without validation or credential checks

FreeBSD-SA-13:13.nullfs (10 September 2013)

Prevent cross-mount hardlinks between different nullfs mounts of the same underlying filesystem

FreeBSD-SA-14:01.bsnmpd (14 January 2014)

bsnmpd remote denial of service vulnerability

FreeBSD-SA-14:02.ntpd (14 January 2014)

ntpd distributed reflection Denial of Service vulnerability

FreeBSD-SA-14:04.bind (14 January 2014)

BIND remote denial of service vulnerability

FreeBSD-SA-14:05.nfsserver (8 April 2014)

NFS deadlock vulnerability

FreeBSD-SA-14:06.openssl (8 April 2014)

ECDSA Cache Side-channel Attack in OpenSSL

FreeBSD-SA-14:08.tcp (30 April 2014)

TCP reassembly vulnerability

FreeBSD-SA-14:11.sendmail (5 June 2014)

sendmail improper close-on-exec flag handling

FreeBSD-SA-14:12.ktrace (5 June 2014)

ktrace memory disclosure

FreeBSD-SA-14:14.openssl (5 June 2014)

OpenSSL multiple vulnerabilities

FreeBSD-SA-14:16.file (5 June 2014)

Multiple vulnerabilities in file(1) and libmagic(3)

FreeBSD-SA-14:17.kmem (8 July 2014)

kernel memory disclosure in control message and SCTP notifications

FreeBSD-SA-14:18.openssl (9 September 2014)

Multiple vulnerabilities in OpenSSL

FreeBSD-SA-14:19.tcp (16 September 2014)

Denial of Service in TCP packet processing

FreeBSD-SA-14:21.routed (21 October 2014)

routed(8) denial of service vulnerability

FreeBSD-SA-14:23.openssl (21 October 2014)

Multiple vulnerabilities in OpenSSL

FreeBSD-SA-14:25.setlogin (4 November 2014)

kernel stack disclosure in setlogin(2) and getlogin(2)

FreeBSD-SA-14:26.ftp (4 November 2014)

Remote command execution in ftp(1)

FreeBSD-SA-14:28.file (10 December 2014)

Multiple vulnerabilities in file(1) and libmagic(3)

FreeBSD-SA-14:29.bind (10 December 2014)

BIND remote denial of service vulnerability

FreeBSD-SA-14:31.ntp (23 December 2014)

Multiple vulnerabilities in NTP suite

FreeBSD-SA-15:01.ntp (14 January 2015)

Multiple vulnerabilities in OpenSSL

FreeBSD-SA-15:02.kmem (27 January 2015)

Fix SCTP SCTP_SS_VALUE kernel memory corruption and disclosure vulnerability

FreeBSD-SA-15:03.sctp (27 January 2015)

Fix SCTP stream reset vulnerability

2.2. Errata Notices

FreeBSD-EN-13:01.fxp (28 June 2013)

Fixed a problem where dhclient(8) would infinitely try to initialize fxp(4)

FreeBSD-EN-13:02.vtnet (28 June 2013)

Fixed a problem where frames sent to additional MAC addresses are not forwarded to the vtnet(4) interface

FreeBSD-EN-13:04.freebsd-update (26 October 2013)

Multiple fixes

FreeBSD-EN-13:05.freebsd-update (28 November 2013)

Fix INDEX generation

FreeBSD-EN-14:01.random (14 January 2014)

Disable hardware RNGs by default

FreeBSD-EN-14:02.mmap (14 January 2014)

Fix incorrect coalescing of stack entry

FreeBSD-EN-14:03.pkg (15 May 2014)

Add pkg bootstrapping, configuration and public keys

FreeBSD-EN-14:04.kldxref (15 May 2014)

Improve build repeatability for kldxref(8)

FreeBSD-EN-14:06.exec (3 June 2014)

Fix triple-fault when executing from a threaded process

FreeBSD-EN-14:08.heimdal (24 June 2014)

Fix gss_pseudo_random() interoperability issue

FreeBSD-EN-14:09.jail (8 July 2014)

Fix jail failing to start if WITHOUT_INET/WITHOUT_INET6 is used

FreeBSD-EN-14:10.tzdata (21 October 2014)

Time zone data file update

FreeBSD-EN-14:12.zfs (4 November 2014)

Fix NFSv4 and ZFS cache consistency issue

FreeBSD-EN-14:13.freebsd-update (23 December 2014)

Fix directory deletion issue

2.3. Kernel Changes

The maximum number of pages used for DMA bounce buffer pool has been increased from 256 to 1024.

The default value of kern.hz has been increased from 100 to 1000.

The SMP kernel now works on MPC7400-based Apple desktop machines such as PowerMac3,3.

FreeBSD/powerpc now supports DMA bounce buffers, which are required on systems with more than 4GB of RAM.

FreeBSD/mips support has been improved. It now supports SMP on a SWARM with a dual-core Sibyte processor.

FreeBSD/mips now supports Netlogic Microsystems' XLR and XLS multi-core processor families.

FreeBSD/sparc64 now supports reservation-based physical memory allocation which provides better performance.

FreeBSD/amd64 now always sets the KVA space as equal to or larger than physical memory size. The default size was previously calculated as one-third of the physical memory size by code derived from the i386 version. It has been changed because constraints on memory space are not severe on amd64, and this change helps to prevent a kmem_map too small panic which often occurs when using ZFS.

CPU topology detection for Intel CPUs has been improved.

ACPI suspend/resume functionality support has been improved.

FreeBSD kernel now supports kern_fpu_enter() and kern_fpu_leave() KPIs which allow the kernel subsystems to use XMM register files used in Intel SSE (Streaming SIMD Extensions).

The acpi(4) driver now uses the ACPI Reset Register capability by default only when a flag in the FADT indicates it is available. This behavior was previously controlled by the sysctl(8) variable hw.acpi.handle_reboot, whose default value was always set to 0.

The acpi(4) driver now supports new loader tunables hw.acpi.install_interface and hw.acpi.remove_interface. For more details, see acpi(4) manual page.

The alq(9) support has been improved. The alq_writen() and alq_getn() KPIs have been extended to support variable length messages, which is enabled at ALQ creation time depending on the arguments passed to alq_open(). Also, the ALQ_NOACTIVATE and ALQ_ORDERED flags have been added to allow ALQ consumers to have more control over I/O scheduling and resource acquisition respectively. These extensions are fully backward compatible.

The alq(9) support is now provided as a kernel module alq.ko.

The ddb(8) kernel debugger now supports an optional delay in reset and reboot commands. This allows an administrator to break the system into debugger and trigger automatic textdump when an unattended panic occurs.

The ddb(8) kernel debugger now supports a show cdev command. This displays the list of all created cdev's, consisting of devfs node name and struct cdev address.

The FreeBSD GENERIC kernel is now compiled with KDB and KDB_TRACE options. From 8.2-RELEASE the kernel supports displaying a stack trace on panic by using stack(9) facility with no debugger backend like ddb(8). Note that this does not change the default behaviors of the GENERIC kernel on panic.

The following sysctl(8) variables are also now loader tunables: vm.kmem_size, vm.kmem_size_max, and vm.kmem_size_min, debug.kdb.stop_cpus, debug.trace_on_panic, and kern.sync_on_panic. Also, new sysctl(8) variables vm.kmem_map_size for the current kmem map size and vm.kmem_map_free for largest contiguous free range in kmem map, vfs.ncsizefactor for size factor for namecache, and vfs.ncnegfactor for ratio of negative namecache entries have been added.

The FreeBSD memguard(9) framework has been improved so that it can detect use-after-free of allocated memory over a longer period of time. For more details, see memguard(9) manual page.

PT_LWPINFO request to obtain information about the kernel thread that caused the traced process to stop in the ptrace(2) process tracing and debugging facility has been improved. It now reports system call entry and leave events, as well as availability of siginfo_t accompanying the reported signal.

The FreeBSD crypto(4) framework (opencrypto) now supports XTS-AES (XEX-TCB-CTS, or XEX-based Tweaked Code Book mode with CipherText Stealing), which is defined in IEEE Std. 1619-2007.

Xen HVM support in FreeBSD/amd64 kernel has been improved. For more details, see xen(4) manual page.

The qpi(4) pseudo bus driver has been added. This supports extra PCI buses on Intel QPI chipsets where various hardware such as memory controllers for each socket is connected.

2.3.1. Boot Loader Changes

FreeBSD now fully supports GPT (GUID Partition Table). Checksums of primary header and primary partition table are verified properly now.

Memory management issues that prevented FreeBSD OpenFirmware loader and netbooting from working have been fixed.

The pxeboot(8) now uses NFS version 3 instead of version 2 by default.

2.3.2. Hardware Support

The aesni(4) driver has been added. This supports AES accelerator on Intel CPUs and accelerates AES operations for crypto(4).

The aibs(4) driver has been added. This supports the hardware sensors in ASUS motherboards and replaces the acpi_aiboost(4) driver.

The coretemp(4) driver now supports Xeon 5500/5600 series.

FreeBSD/powerpc now supports the I2C bus in Apple System Management Unit.

A device driver that supports CPU temperature sensors on PowerMac 11,2 has been added.

The ehci(4), ohci(4), and uhci(4) drivers now support LOW speed BULK transfer mode.

The ichwd(4) driver now supports Intel NM10 Express chipset watchdog timer.

The tpm(4) driver, which supports Trusted Platform Module, has been added.

The xhci(4) driver, which supports Extensible Host Controller Interface (xHCI) and USB 3.0, has been added.

Multimedia Support

The FreeBSD Linux emulation subsystem now supports the video4linux API. This requires native video4linux hardware drivers such as the ones provided by multimedia/pwcbsd and multimedia/webcamd.

MIDI input buffer size in the uaudio(4) driver has been changed. This fixes a problem where the input appears several seconds late.

An issue in the uaudio(4) driver that prevented some USB audio devices from working has been fixed.

Network Interface Support

The alc(4) driver now supports Atheros AR8151/AR8152 PCIe Gigabit/Fast Ethernet controllers.

A bug in the alc(4) driver was fixed that could lead to a system freeze when the system was booted without a cable plugged in. This symptom was found in AR8132 on EEE PC.

The TX interrupt moderation timer in the alc(4) driver has been reduced from 50ms to 1ms. The 50ms timer resulted in a poor UDP performance.

The axe(4) driver has been improved for stability and better performance on the TX packet rate.

The bge(4) driver now supports BCM5718 x2 PCI Express dual-port gigabit Ethernet controller family. This family is the successor to the BCM5714/BCM5715 family and supports IPv4/IPv6 checksum offloading, TSO, VLAN hardware tagging, jumbo frames, MSI/MSIX, IOV, RSS and TSS. The current version of the driver supports all hardware features except IOV and RSS/TSS.

A bug in the bge(4) driver which prevented TSO from working in BCM57780 has been fixed.

A bug in the bge(4) driver that could also disable TX checksum offloading when only RX checksum offloading was being disabled has been fixed.

Some improvements to the reliability of the bge(4) driver with the BCM5906 controller have been made.

The bge(4) driver now supports hardware MAC statistics in controller's internal memory for BCM5705 or newer Broadcom controllers. These counters can be accessed via sysctl(8) variable dev.bge.N.stats.* and provide useful information to diagnose driver issues.

UDP checksum offloading in the bge(4) driver has been disabled by default. This is because Broadcom controllers have a bug which can generate UDP datagrams with checksum value 0 when TX UDP checksum offloading is enabled. The checksum offloading can be enabled by using the following loader tunable:


A bug in the bge(4) driver that could lead to poor performance on a system with more than 4 GB RAM has been fixed. The cause was that all Broadcom controllers except the BCM5755 and later have a bug in 4 GB-boundary DMA processing, and the driver used the bounce buffer in an inefficient way.

The bwi(4) driver, which supports Broadcom BCM430* and BCM431* family Wireless Ethernet controllers, has been added. This is not compiled into the GENERIC kernel because there are some problems. The kernel module if_bwi.ko is available and can be loaded without recompiling the kernel to enable this driver.

A bug in the bwn(4) driver that prevented WPA authentication from working has been fixed.

A bug in the cdce(4) driver has been fixed.

The cxgb(4) driver now supports the following new sysctl(8) variables: hw.cxgb.nfilters sets the maximum number of entries in the hardware filter table, dev.cxgbc.N.pkt_timestamp provides packet timestamp instead of connection hash, and dev.cxgbc.N.core_clock provides the core clock frequency in kHz.

The em(4) driver has been updated to version 7.1.9.

The igb(4) driver has been updated to version 2.0.7.

The em(4) and igb(4) drivers now provide statistics counters as sysctl(8) MIB objects.

The em(4) and igb(4) drivers now support the led(4) interface via /dev/led/emN and /dev/led/igbN for identification LED control. The following command line makes the LED blink on em0:

# echo f2 > /dev/led/em0

The epair(4) virtual Ethernet interface driver now supports explicit UP/DOWN linkstate. This fixes an issue when it is used with the carp(4) protocol.

The fxp(4) driver now supports TSO over VLAN on i82550 and i82551 controllers.

The iwn(4) driver now supports Intel Wireless WiFi Link 6000 series. The firmware has been updated to version

The ixgbe(4) driver is now also provided as a kernel module.

The ixgbe(4) driver has been updated to version 2.3.8. It now supports 82599, better interrupt handling, hardware assist to LRO, VM SRIOV interface, and so on.

The miibus(4) has been rewritten for the generic IEEE 802.3 annex 31B full duplex flow control support. The alc(4), bge(4), bce(4), cas(4), fxp(4), gem(4), jme(4), msk(4), nfe(4), re(4), stge(4), and xl(4) drivers along with atphy(4), bmtphy(4), brgphy(4), e1000phy(4), gentbi(4), inphy(4), ip1000phy(4), jmphy(4), nsgphy(4), nsphyter(4), and rgephy(4) have been updated to support flow control via this facility.

The mwlfw(4) driver is now also provided as a kernel module.

A bug in the mxge(4) driver that prevented TSO from working has been fixed.

The nfe(4) driver now supports WoL (Wake on LAN).

The re(4) driver now supports 64-bit DMA addressing for RTL810xE/RTL8168/RTL8111 PCIe controllers.

The re(4) driver now supports hardware interrupt moderation of TX completion interrupts on RTL8169/RTL8168 controllers.

The rl(4) driver now supports WoL (Wake on LAN) on RTL8139B or newer controllers.

The rl(4) driver now supports reading hardware statistics counters by setting a sysctl(8) variable dev.rl.N.stats to 1.

The rl(4) driver now supports a device hint to change the register access method. Although some newer RTL8139 controllers support memory-mapped register access, it is difficult to detect the support automatically. For this reason the driver uses I/O mapping by default and provides the following device hint. If it is set to 0, the driver uses memory mapping for register access.


Note that the default value is 1.

The rl(4) driver has improved interrupt handling. It now has better TX performance under high RX load.

A bug in the sk(4) driver has been fixed. It did not program the station address for Yukon controllers and overriding the station address with ifconfig(8) was not possible.

The sk(4) driver now disables TX checksum offloading by default. This is because some revisions of the Yukon controller generate corrupted frames. The checksum offloading can be enabled manually by using txcsum option in the ifconfig(8) utility.

The sis(4) driver now works on all supported platforms. Some stability and performance issues have also been fixed.

The sis(4) driver now supports WoL (Wake on LAN) on NS DP8315 controller.

A tunable dev.sis.N.manual_pad for the sis(4) driver has been added. This controls whether padding with 0x00 for short frames is done by CPU, rather than the controller. The reason why this tunable has been added is that NS DP83815/DP83816 pads them with 0xff though RFC 1042 specifies it should be 0x00. The tunable is disabled by default, which means padding with 0xff is used because padding with 0x00 by software needs extra CPU cycles. Enabling manual_pad, by setting this sysctl(8) variable to a non-zero value, forces the use of software padding.

The ste(4) driver now supports a device hint to change the device register access mode. The driver uses memory-mapped register access by default, but this caused stability problems with some old IC Plus Corp (formerly Sundance) controllers. The following device hint makes the driver use I/O mapping for register access:


The xl(4) driver now supports WoL (Wake on LAN). Note that not all controllers support this functionality and some need an additional remote wakeup cable.

2.3.3. Network Protocols

An issue in the carp(4) pseudo interface and linkstate changes of the underlying interfaces has been fixed. This happened when a carp(4) interface was created before the underlying interface and its linkstate became UP.

The stdtime part of libc, zdump(8) and zic(8) have been updated from the tzcode2004a release to the tzcode2009h release. If you have upgraded from source or via the freebsd-update(8), then please run tzsetup(8) to install a new /etc/localtime.

A new loader tunable has been added. It specifies the default value of send interface queue length. The default value for this parameter is 50.

The ngtee action in the ipfw(4) packet filter subsystem has been changed. It no longer accepts a packet.

A possible panic in the ipfw(4) pseudo interface for logging has been fixed.

IPsec flow distribution has been improved for more parallel processing.

A bug in the FreeBSD IPv4 stack that prevented adding a proxy ARP entry over netgraph(4) interfaces has been fixed.

A bug in the FreeBSD IPv6 stack that prevented the -I option of the ping6(8) utility from working with net.inet6.ip6.use_defaultzone=1 has been fixed.

The lagg(4) interface now supports a sysctl(8) variable This controls whether to accept input packets on any link in a failover lagg.

The ng_eiface(4) netgraph(4) node now supports VLAN-compatible MTU and an MTU size which is larger than 1500.

The ng_ether(4) netgraph(4) node now supports interface transfer between multiple virtual network stacks by ifconfig(8) vnet command. A ng_ether(4) node associated with a network interface is now destroyed and recreated when the network interface is moved to another vnet.

A new netgraph(4) node ng_patch(4) has been added. This performs data modification of packets passing through. Modifications are restricted to a subset of C language operations on unsigned integers of 8, 16, 32 or 64-bit size.

An ICMP unreachable problem in the pf(4) packet filter subsystem when TSO support is enabled has been fixed.

The TCP bandwidth delay product window limiting algorithm controlled by the sysctl(8) variable net.inet.tcp.inflight.enable is now disabled by default. It has been found that this algorithm is inefficient on a fast network with an RTT smaller than 10ms. It had been enabled by default since 5.2-RELEASE, and then had been disabled only if the RTT was less than 10ms since 7.0-RELEASE. Pluggable TCP congestion control algorithm modules are planned to be added in future releases.

A bug in FreeBSD TCP Path MTU discovery which could lead to a wrong calculation for an MTU smaller than 256 octets has been fixed. Note that this bug did not affect MTUs equal to or larger than 256 octets.

The FreeBSD TCP reassembly implementation has been improved. A long-standing accounting bug affecting SMP systems has been fixed and the net.inet.tcp.reass.maxqlen sysctl(8) variable has been retired in favor of a per-connection dynamic limit based on the receive socket buffer size. FreeBSD receivers now handle packet loss (particularly losses caused by queue overflows) significantly better than before which improves connection throughput.

The TCP initial window increase in RFC 3390 which can be controlled by a sysctl(8) variable net.inet.tcp.rfc3390 now reduces the congestion window to the restart window if a TCP connection has been idle for one retransmit timeout or more. For more details, see RFC 5681 Section 4.1.

The siftr(4), Statistical Information For TCP Research (SIFTR) kernel module has been added. This is a facility that logs a range of statistics on active TCP connections to a log file. It provides the ability to make highly granular measurements of TCP connection state, aimed at system administrators, developers and researchers.

FreeBSD virtual network stack (vnet) now supports IPv4 multicast routing.

The IEEE 802.11s element identifiers have been updated to reflect the final version of the amendment. This update breaks compatibility with older mesh setups but is necessary because the previous IDs are used by another amendment, leading to unexpected results when trying to associate with an access point using the affected IDs.

2.3.4. Disks and Storage

The ahci(4) driver now disables NCQ and PMP support on VIA VT8251 because they are unreliable under load.

The ahci(4) driver now uses 15 seconds for device reset timeout instead of 10 seconds because some devices need 10 - 12 seconds to spin up.

The arcmsr(4) driver has been updated to version

The ada(4) driver now supports a new sysctl(8) variable which controls whether or not to spin-down disks when shutting down if the device supports the functionality. The default value is 1.

The ata(4) driver now supports limiting initial ATA mode for devices via device hints hint.devname.unit.devN.mode or hint.devname.unit.mode. The valid values are the same as ones supported in the atacontrol(8) and camcontrol(8) utilities.

The ata(4) driver now disables cable status check on both controller and device side when the loader tunable hw.ata.ata_dma_check_80pin is 0. The check on controller side was performed regardless of this loader tunable.

The ata(4) driver now reports SATA power management capabilities to the CAM(4) layer when ATA_CAM is enabled. This allows a device to initiate transitions if the controller is configured to accept them. This makes hint.ata.N.pm_level=1 mode work.

The ata(4) driver has been improved on hotplugging and connection speed reporting support for some Intel SATA controllers including ICH5 and ICH8+ operating in legacy mode.

An issue of device detection of Serverworks K2 SATA controllers in the ata(4) has been fixed.

A bug in the ata(4) driver that prevented some Silicon Image chipsets from working on big endian systems has been fixed.

The gconcat(8) GEOM class now supports kernel crash dump. The dumping is performed to the component where a dump partition begins.

A bug in the geli(8) GEOM class on little endian platforms has been fixed. The metadata version for newly created providers has been updated to 4 due to this. Providers with the older versions are fully interoperable with 8.2-RELEASE and later by being treated as ones with the native byte order flag automatically.

The geli(8) GEOM class now supports a sysctl(8) variable kern.geom.eli.overwrites. This specifies the number of times on-disk keys should be overwritten when destroying them. The default value is 5.

The geli(8) GEOM class has been improved for preventing the same encryption key from being used in 2^20 blocks (sectors).

The geli(8) GEOM class now uses XTS-AES mode by default.

The sysctl(8) variable kern.geom.eli.debug now allows a value of -1. This turns off all log messages of the geli(8) GEOM class.

The mpt(4) driver now supports larger I/O sizes which the device and CAM(4) subsystem can support. This was limited to 64KB, and the number of scatter/gather segments was limited to 33 on platforms with 4K pages.

The twa(4) driver has been updated. The version number is

2.3.5. File Systems

The linprocfs(5) Linux process file system now supports proc/$$/environment.

The FreeBSD NFS client now supports a kernel environment variable boot.nfsroot.nfshandlelen. This lets the diskless root file system use NFS version 3 and the specified file handle length at boot. If this variable is not set, NFS version 2 is used.

The ZFS on-disk format has been updated to version 15.

The ZFS metaslab code has been updated. This provides a noticeable improvement on write speed, especially on pools with less than 30% of free space. The related OpenSolaris Bug IDs are 6826241, 6869229, 6918420, and 6917066.

The ZFS now supports offlining of log devices. The related OpenSolaris Bug IDs are 6599442, 6726045, and 6803605.

Performance improvements for the ZFS have been imported from OpenSolaris. They include caching of ACL permission checks, faster handling of stat(2), mitigation of mutex lock contention. The related OpenSolaris Bug IDs are 6802734, 6844861, 6848431, 6775100, 6827779, 6857433, 6860318, 6865875, 6867395, 6868276, and 6870564.

The default value of vfs.zfs.vdev.max_pending has been decreased from 35 to 10 (OpenSolaris Bug ID is 6891731) to improve latency.

Various bugs in the ZFS subsystem have been fixed. The related OpenSolaris Bug IDs are: 6328632, 6396518, 6501037, 6504953, 6542860, 6551866, 6572357, 6572376, 6582163, 6586537, 6595194, 6596237, 6604992, 6621164, 6623978, 6633095, 6635482, 6664765, 6674216, 6696242, 6696858, 6702206, 6710376, 6713916, 6717022, 6722540, 6722991, 6737463, 6739487, 6739553, 6740164, 6745863, 6747596, 6747698, 6748436, 6755435, 6757430, 6758107, 6759986, 6759999, 6761100, 6761406, 6764124, 6765294, 6767129, 6769612, 6770866, 6774713, 6774886, 6775697, 6776104, 6776548, 6780491, 6784104, 6784108, 6785914, 6788152, 6788830, 6789318, 6790064, 6790345, 6790687, 6791064, 6791066, 6791071, 6791101, 6792134, 6792139, 6792884, 6793430, 6794136, 6794570, 6794830, 6797109, 6797118, 6798384, 6798878, 6799895, 6800184, 6800942, 6801507, 6801810, 6803343, 6803822, 6804954, 6807339, 6807765, 6809340, 6809683, 6809691, 6810367, 6815592, 6815893, 6816124, 6818183, 6821169, 6821170, 6822816, 6824006, 6824062, 6824968, 6826466, 6826468, 6826469, 6826470, 6826471, 6826472, 6827260, 6830237, 6830541, 6833162, 6833711, 6833999, 6834217, 6836714, 6836768, 6838062, 6838344, 6841321, 6843014, 6843069, 6843235, 6844069, 6844900, 6847229, 6848242, 6856634, 6857012, 6861983, 6862984, 6863610, 6870564, 6880764, 6882227, 6892298, 6898245, 6906110, 6906946, 6939941, 6950219, 6951024, and 6953403.

2.4. Userland Changes

The arp(8) utility has been improved. It now runs faster even when a single interface has a number of aliases.

A bug in the b64decode(1) utility that prevented the -r option from handling arbitrary breaks in a base64 encoded string has been fixed.

The calendar(1) utility now supports repeating events which span multiple years, lunar events, and solar events.

The dhclient(8) utility now reports a reason for exiting and the 10-second period in which the dhclient(8) ignores routing messages has been changed to start just after dhclient-script starts instead of just after it finished. This change fixes a symptom that dhclient(8) silently exits under a certain condition.

Userland support for the dtrace(1) subsystem has been added. This allows inspection of userland software itself and its correlation with the kernel, thus allowing a much better picture of what exactly is going on behind the scenes. The dtruss(1) utility has been added and the libproc library has been updated to support the facility.

The du(1) utility now supports a -t threshold option to display entries that exceed the value of threshold. If the value is negative, it displays entries with a value less than the absolute value of threshold.

The fdisk(8) utility now supports partitions which are provided by gjournal(8) or geli(8) GEOM classes.

The gcore(1) utility now supports an -f flag which forces a full dump of all the segments except for the malformed ones.

The geli(8) utility now supports a resize subcommand to resize an encrypted file system after growing it.

The geli(8) utility now supports suspend and resume subcommands. The suspend subcommand makes geli(8) devices wait for all in-flight I/O requests, suspend new I/O requests, remove all geli(8) sensitive data from the kernel memory (like encryption keys) and will wait for either geli resume or geli detach command. For more information, see geli(8) manual page.

The geli(8) utility now checks the metadata provider size strictly. If the check fails, the provider is not attached. A new option -f can override this behavior.

The geli(8) utility now supports -J newpassfile and -j oldpassfile options for loading a passphrase from a file.

The gethost*(), getnet*(), and getproto*() functions now set errno to ERANGE and the NSS backend terminates with NS_RETURN when the result buffer size is too small.

The gpart(8) utility now supports a resize command to resize partitions for all schemes but EBR.

The gpart(8) utility now supports backup and restore subcommands to back up partition tables and restore them.

The gpart(8) utility now handles given geom/provider names with and without the /dev/ prefix.

The gpart(8) utility now supports an -F option for the destroy subcommand. This option forces destroying of the partition table even if it is not empty.

The gpart(8) utility now supports a recover subcommand for GPT partition tables. A GPT is now marked as corrupted when any of the following three types of corruption is detected:

  • Primary GPT header or table is corrupted.

  • Secondary GPT header or table is corrupted.

  • Secondary GPT header is not located at the last LBA.

Changes to a corrupted GPT table are not allowed except by the destroy and recover subcommands.

The gpart(8) utility now supports GPT_ENT_ATTR_BOOTME, GPT_ENT_ATTR_BOOTONCE, and GPT_ENT_ATTR_BOOTFAILED attributes in GPT. The attribute keywords in the command line are bootme, bootonce, and bootfailed respectively.

An issue in the newfs(8) utility has been fixed. A UFS1 file system created with a 64KB blocksize was incorrectly recognized as one with a broken superblock. This is because the FreeBSD kernel first checks a partition for a UFS2 superblock at the 64KB offset, while a UFS1 file system with a 64KB blocksize can have an alternative superblock at the same location. For example, a file system created by newfs -U -O 1 -b 65536 -f 8192 could lead to this symptom.

The hastd(8) utility now supports SIGHUP for reloading the configuration file. When SIGTERM or SIGINT is received, the worker processes terminate.

The ifconfig(8) utility now checks for invalid CIDR subnet notation more strictly. It wrongly accepted as

An accuracy issue in the jn(3) and jnf(3) functions in libm has been fixed.

Incorrect behaviors in stuttering sequences and reverse ranges in the jot(1) utility have been fixed.

The libarchive library and tar(1) utility now support the LZMA (Lempel-Ziv-Markov chain-Algorithm) compression format.

The tar(1) utility now supports a blocksize which is up to 8192 (4MB) in the -b blocksize option.

A bug in the lpr(1) utility that prevented it from working with some files on a ZFS file system has been fixed.

The -p option in the mount(8) utility now displays the rw mount option correctly as in the fstab(5) format.

The ncal(1) utility has been updated. The option -b has been replaced with -C and -B number. Options -3 to show previous, current and next month, and -A number to show months after current month have been added. The option -m N YYYY now prints only the month, not the whole year.

The newsyslog(8) utility now supports an -S pidfile option to override the default syslogd(8) PID file.

The newsyslog(8) utility now supports a special log file name <include> for processing file inclusion. Globbing in the file name and circular dependency detection are supported. For more details, see the newsyslog.conf(5) manual page.

The ntpd(8) utility is now compiled with the shared memory reference clock driver. For example, GPS devices can be used as a source of precise time via astro/gpsd in the Ports Collection.

An off-by-one error in the pax(1) utility when a ustar file name is too long has been fixed.

The pkill(1) utility now supports an -l option like the kill(1) utility does.

The pmcstat(8) utility now supports a file and a network socket as a top source. A new option -O filename sends log output to filename, and another new option -R filename receives events from filename. For a socket, the filename takes the form ipaddr:port. This allows top monitoring over TCP on a system with no local symbols, for example.

The pom(6) utility now supports a -p flag to print only the percentage.

The powerd(8) utility now supports -m freq and -M freq options to control the minimum and maximum frequency, respectively.

The ruptime(1) utility now displays hostnames longer than 12 characters.

The behavior of the sh(1) program when the -u option is specified has been changed. The special parameters $@ and $* no longer cause an error when there are no positional parameters.

A bug in the sh(1) program has been fixed. A SIGINT signal is now passed through from a child process if the shell is interactive and job control is enabled. For example, aborting the sleep(1) command with Ctrl-C no longer displays ok in the following command line:

% sleep 5; echo ok

The sh(1) program now supports a bg command consisting solely of redirections. For example:

% < /dev/null &

The sleep(1) utility now supports the SIGINFO signal and reports the specified sleep time and the remaining time.

The tftp(1) and tftpd(8) utilities have been improved for better interoperability and they now support RFC 1350, 2347, 2348, 2349, and 3617.

A bug in [=]=] equivalence class handling in the tr(1) utility has been fixed. A closing bracket immediately after [= was incorrectly treated as special.

The uname(1) utility now supports an -o flag as a synonym for the -s flag for compatibility with other systems.

Bugs in the vi(1) utility have been fixed. They include handling of ^@ and ^C in insert mode when reading an ex command.

The watchdogd(8) program now uses the MADV_PROTECT memory flag to protect itself from being terminated by the FreeBSD kernel when available memory runs short. This kind of process termination happens in a swap-intensive workload.

The set sharenfs command in the zfs(8) utility now supports the sec option.

2.4.1. /etc/periodic Scripts

A periodic script for zfs scrub has been added. For more details, see the periodic.conf(5) manual page.

A periodic script which can be used to find installed ports' files with mismatched checksums has been added. For more details, see the periodic.conf(5) manual page.

2.5. Contributed Software

The ACPI-CA has been updated to 20101013.

The ee(1) program has been updated to version 1.5.2.

ISC BIND has been updated to version 9.6-ESV-R3.

netcat has been updated to version 4.8.

OpenSSL has been updated to version 0.9.8q.

sendmail has been updated to version 8.14.9.

The timezone database has been updated to the tzdata2010o release.

xz has been updated from the snapshot as of 12 April 2010 to the 5.0.0 release.

2.6. Ports/Packages Collection Infrastructure

The pkg_create(1) utility now supports LZMA (xz) compression. Note that the default is still bzip2.

2.7. Release Engineering and Integration

The sysinstall(8) utility now uses the following numbers for default and minimum partition sizes: 1GB for /, 4GB for /var, and 1GB for /tmp.

The sysinstall(8) utility now attempts to enable getty(8) on a serial port when no VGA card is detected on the system.

The supported version of the GNOME desktop environment (x11/gnome2) has been updated to 2.32.1.

The supported version of the KDE desktop environment (x11/kde4) has been updated to 4.5.5.

3. Upgrading from previous releases of FreeBSD

Upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as the unmodified GENERIC kernel distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded has Internet connectivity.

An older form of binary upgrade is supported through the Upgrade option from the main sysinstall(8) menu on CDROM distribution media. This type of binary upgrade may be useful on non-i386, non-amd64 machines or on systems with no Internet connectivity.

Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING.


Upgrading FreeBSD should, of course, only be attempted after backing up all data and configuration files.