Copyright © 2012 The FreeBSD Documentation Project
244869 2012-12-30 17:54:25Z hrs $
FreeBSD is a registered trademark of the FreeBSD Foundation.
IBM, AIX, EtherJet, Netfinity, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.
IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.
Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
SPARC, SPARC64, SPARCengine, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. SPARC International, Inc owns all of the SPARC trademarks and under licensing agreements allows the proper use of these trademarks by its members.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the “™” or the “®” symbol.
The release notes for FreeBSD 9.1-RELEASE contain a summary of the changes made to the FreeBSD base system on the 9.1-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
This document contains the release notes for FreeBSD 9.1-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.
This distribution of FreeBSD 9.1-RELEASE is a release distribution. It can be found at http://www.FreeBSD.org/releases/ or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the “Obtaining FreeBSD” appendix to the FreeBSD Handbook.
All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with “late-breaking” information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 9.1-RELEASE can be found on the FreeBSD Web site.
This section describes the most user-visible new or changed features in FreeBSD since 9.0-RELEASE.
Typical release note items document recent security advisories issued after 9.0-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.
Problems described in the following security advisories have been fixed. For more information, consult the individual advisories available from http://security.FreeBSD.org/.
|SA-12:01.openssl||3 May 2012||
OpenSSL multiple vulnerabilities
|SA-12:02.crypt||30 May 2012||
|SA-12:03.bind||12 June 2012||
Incorrect handling of zero-length RDATA fields in named(8)
|SA-12:04.sysret||12 June 2012||
Privilege escalation when returning from kernel
|SA-12:05.bind||6 August 2012||
named(8) DNSSEC validation Denial of Service
|SA-12:06.bind||22 November 2012||
Multiple Denial of Service vulnerabilities with named(8)
|SA-12:07.hostapd||22 November 2012||
Insufficient message length validation for EAP-TLS messages
|SA-12:08.linux||22 November 2012||
Linux compatibility layer input validation error
The FreeBSD Jail subsystem now supports mounting
ZFS filesystem inside a jail. New
allow.mount.zfs to control the per-jail capabilities have
been added. All of them are disabled by default.[r232728]
kern.eventtimer.activetick has been added.
This tunable specifies whether each hardclock tick should be run on every
active CPU or only one. By setting it to 0, the total
number of interrupts can be reduced on SMP machines. The default value is 1.[r234167]
The FreeBSD Linux ABI compatibility layer now supports the
linux_fadvise64_64() system calls.[r231145]
The FreeBSD sched_ule(4) scheduler has been improved for CPU load balancing on SMT (Simultaneous MultiThreading) CPUs. It gives a 10-15% performance improvement when the number of threads is lesser than the number of logical CPUs.[r233599]
[sparc64] The PREEMPTION kernel option is now enabled in the GENERIC kernel.[r235992]
utility now supports configuration of PXE boot via the boot0 boot block temporarily on the next boot. The slice
number 6 or a keyword PXE can be
specified to enable PXE boot using the
The gptboot boot block now reads the backup GPT header from the last LBA only when the primary GPT header and tables are invalid. This mitigates interoperability issues with some geom(4) providers like MIRROR which use the last LBA for the metadata.[r234693]
The zfsboot boot block and zfsloader support filesystems within a ZFS storage pool. In zfsloader, the ZFS device name format is now zfs:pool/fs and the fully qualified file path format is zfs:pool/fs:/path/to/file. The zfsboot boot block accepts the kernel/loader name in the format pool:fs:path/to/file or, as before, pool:path/to/file. In the latter case a default filesystem is used (the pool root or a filesystem with the bootfs property). The zfsboot boot block passes the GUIDs of the selected storage pool and dataset to zfsloader to be used as its defaults.[r237766]
[sparc64] FreeBSD/sparc64 now supports booting from ZFS via the zfsboot boot block and zfsloader. For example, the following commands create a mirrored storage pool rpool consisting of da0a and da0b and configure the storage pool as the root filesystem:[r236076]
# gpart create -s vtoc8 da0 # gpart add -t freebsd-zfs -s 10g da0 # gpart add -t freebsd-swap -s 10g da0 # gpart add -t freebsd-zfs -s 10g da0 # zpool create rpool mirror da0a da0b # zpool set bootfs=rpool rpool # zpool export rpool # gpart bootcode -p /boot/zfsboot da0 # sysctl kern.geom.debugflags=0x10 # dd if=/boot/zfsloader of=/dev/da0a bs=512 oseek=1024 conv=notrunc # dd if=/boot/zfsloader of=/dev/da0b bs=512 oseek=1024 conv=notrunc # zpool import rpool # cp -p /boot/zfs/zpool.cache /rpool/boot/zfs/zpool.cache # zfs set mountpoint=/ rpool
[amd64] A workaround for Erratum 721 for AMD Processor Family 10h and 12h has been implemented. Under a highly specific and detailed set of internal timing conditions, the processor may incorrectly update the stack pointer after a long series of push and/or near-call instructions, or a long series of pop and/or near-return instructions.[r233798]
[powerpc] The atibl(4) driver, which supports backlight control of ATI graphics chips on PowerBooks and iBooks, has been added.[r232677]
[arm] The cesa(4) driver for the Marvell crypto engine and security accelerator has been added.[r234559]
The pcf8563(4) driver for the NXP (Philips) PCF8563 RTC has been added.[r236078]
[powerpc] FreeBSD/powerpc now supports the PWM-controlled fans found on the PowerMac SMU (System Management Unit).[r233471]
[arm] FreeBSD/arm now supports the Atmel SAM9XE family of microcontrollers.[r236081]
variables have been added:
kern.proc.auxv for ELF auxiliary
vectors from a process's stack,
kern.proc.rlimit for process resource
kern.proc.ps_strings for the ps_strings
kern.proc.osrel for the osreldate of the
process's binary.[r230754, r233950]
The drm2(4) Intel GPU driver, which supports GEM and KMS and works with new generations of GPUs such as IronLake, SandyBridge, and IvyBridge, has been added. The agp(4) driver now supports SandyBridge and IvyBridge CPU northbridges.[r236926, r236927, r239965]
The snd_hda(4) driver has been updated. It now supports and provides HDMI, new volume control, automatic recording source selection, runtime reconfiguration, more then 4 PCM devices on a controller, multichannel recording, additional playback/record streams, higher bandwidth, and more informative device names.[r232798]
GPL-licensed headers in the snd_emu10kx(4), snd_maestro3(4), and snd_csa(4) drivers have been replaced with BSD-licensed one. These drivers are now fully BSD-licensed and included in the GENERIC kernel on FreeBSD/amd64 and FreeBSD/i386.[r230964, r230985, r231047, r235769]
The bce(4) driver has been improved:
Unnecessary link up/down has been eliminated.[r229864]
A bug has been fixed which could prevent IPMI from working when the interface was marked as down.[r236216]
It now supports remote PHYs, which allow the controller to perform MDIO type accesses to a remote transceiver by using message pages defined through MRBE (MultiRate Backplane Ethernet). This is found on machines such as the Dell PowerEdge M610 Blade.[r235818]
The bge(4) and brgphy(4) drivers have been improved:
A bug which could prevent DMA functionality from working correctly has been fixed.[r229350]
It now works with a PCI-X BCM 5704 controller that is connected to AMD-8131 PCI-X bridge.[r233495]
have been updated to firmware version 22.214.171.124. They now support device
configuration via a plain text configuration file, IPv6 hardware checksumming,
IPv6 TSO and LRO, a loadfw command in the
cxgbetool(8) utility which allows installing a firmware to the card, and
dev.t4nex.N.misc for various information.[r231093, r237925]
The et(4) driver
now works on all platforms. A bug which could prevent
from working has been fixed. A new
dev.et.N.stats has been added for hardware MAC
statistics.[r229711, r229717, r229720]
driver now supports device hints
hint.miibus.N.phymask for PHY addresses being probed.
This is useful to manually probe PHYs which do not implement basic the register set
of IEEE 802.3. Also, the
has been changed to a hinted bus, allowing to add child devices via hints and
to set their attach arguments in addition to automatically-probed PHYs.[r230709]
The nsphyter(4) driver now supports National DP83849.[r232137]
skipto tablearg ip from any to any via table(42) in
An IPv6 default route configured via Router Advertisement messages is now reinstalled correctly when the default route is manually removed and then another RA message is received for the same route.[r230604]
A bug which could return an incorrect value for the IPV6_MULTICASE_HOPS socket option has been fixed.[r227885]
The netmap(4) fast packet I/O framework has been added. The em(4), lem(4), igb(4), and re(4) drivers now support this framework. The technical details can be found at http://info.iet.unipi.it/~luigi/netmap/.[r231650, r235527]
stack now supports a new
net.inet.sctp.blackhole. If this is set
to 1, no ABORT is sent back in
response to an incoming INIT. If this is set to 2, no ABORT is sent back in response
to an out-of-the-blue packet. If set to 0 (the
default), ABORTs are sent.[r231045]
The SO_PROTOCOL and SO_PROTOTYPE socket options have been added. These return the socket protocol number.[r232805]
The TCP_KEEPINIT, TCP_KEEPIDLE, TCP_KEEPINTVL, and TCP_KEEPCNT socket options have been added. These allow controlling initial timeout, idle time, idle resend interval, and idle send count on a per-socket basis.[r232945]
now supports a new
hw.ahci.force. This controls whether it
attempts to attach an AHCI-capable device even if it is configured to use legacy
emulation. This is enabled by default.[r229291]
kern.cam.pmp.hide_special has been added.
This controls whether special PMP ports such as PMP (Port MultiPlier)
configuration or SEMB (SATA Enclosure Management Bridge) will be exposed or hidden.
The default value is 1 (hidden).[r236765]
The ctl(4) driver, which supports cam(4) Target Layer and ctladm(8), a userland control utility, have been added. ctl(4) is a disk and processor device emulation subsystem supporting tagged queuing, SCSI task attribute, SCSI implicit command ordering, full task management, multiple ports, multiple simultaneous initiators, multiple simultaneous backing stores, mode sense/select, and error injection support.[r231772]
The cd(4) driver now supports Audio CDs in the same way as acd(4) did. It will report a 2352-byte sector size to the geom(4) subsystem and use the READ CD command for reading the data. This fixes an interoperability issue with multimedia/vlc.[r230014]
The da(4) driver now
supports BIO_DELETE. To select the method, a new
kern.cam.da.N.delete_method has been added for each
device instance. The following values are supported:[r236677]
|NONE||no provisioning support reported by the device|
|DISABLE||provisioning support was disabled because of errors|
|ZERO||WRITE SAME (10) command to write zeroes|
|WS10||WRITE SAME (10) command with UNMAP bit set|
|WS16||use WRITE SAME (16) command with UNMAP bit set|
|UNMAP||use UNMAP command (equivalent of the ATA DSM TRIM command)|
When it was NONE, the device did not report logical block provisioning support via respective VPD pages. One can set a specific method for testing and it will be disabled automatically when not supported on the device.
The MULTIPATH geom(4) class has been updated. It now supports Active/Active mode, Active/Read mode as hybrid of Active/Active and Active/Passive, keeping a failed path without removing the geom provider, manual configuration without on-disk metadata, and add, remove, fail, restore, configure subcommands in the gmultipath(8) utility to manage the configured paths.[r229303, r234916]
The PART_LDM geom(4) class has been added. This partition scheme has support for Logical Disk Manager, which is also known as dynamic volumes in Microsoft Windows NT. Note that JBOD, RAID0, and RAID5 volumes are not supported yet.[r234406]
mfi0: COMMAND 0xffffffXXXXXXXXXX TIMEOUT AFTER XX SECONDS
The mps(4) driver has been updated to version 14.00.00.01-fbsd. This now supports Integrated RAID, WarpDrive controllers, WRITE12 and READ12 for direct I/O, SCSI protection information (EEDP), Transport Level Retries (TLR) for tape drives, and LSI's userland utility.[r230920, r231679, r237876]
The FreeBSD NFS filesystem has been improved:
It now supports a timeout on positive name cache entries on the client side. A
new mount option
nametimeo has been added and
set to 60 (in seconds) by default.[r233326]
A memory leak when a ZFS volume is exported via the FreeBSD NFS server has been fixed.[r234740]
A bug has been fixed. When a process writes to an mmap-backed file on an NFS
filesystem, flushing changes to the data could fail under some circumstances
such as errors due to permission mismatch, and this failure could not be detected
as an error. A new
been added to control the behavior on the client side related to this issue. When
this is set to 1, the pages where a write operation
failed are kept dirty. The default value is set to 0.[r233730]
filesystem now supports a
disables the check for UTF-8 compliance in filenames. This is disabled by default.
Note that enabling this may help wht some interoperability issues but results
in an NFSv4 server that is not RFC 3530 compliant.[r229799]
New properties, clones and written, have been added.
The zfs(8) send command now reports an estimated size of the stream.
zfs(8) destroy command now reports an estimate of the space which
would be reclaimed, when
-n is specified.
zfs(8) get command now supports the
-t type flag to specify the data type.
A simple script zfsboottest.sh has been added to the source tree. This checks if the system is configured correctly when using ZFS as the root filesystem. The script is located at /usr/src/tools/tools/zfsboottest.sh and it uses the zfsboottest binary program in the same directory.[r227705]
The binary program can be built and installed by the following command:
# cd /usr/src/tools/tools/zfsboottest # make # make install
After that, the following command can be used to check the system. poolname is the ZFS storage pool name to boot:
# sh /usr/src/tools/tools/zfsboottest/zfsboottest.sh poolname
vfs.zfs.txg.timeout has been changed from
read-only to writable.
The camcontrol(8) utility now supports a fwdownload subcommand for firmware update on SCSI devices from Hitachi, HP, IBM, Plextor, Quantum, and Seagate. This subcommand will reprogram the firmware on devices connected over an ATA/SATA transport.[r237740]
The dhclient(8) utility now supports domain-search (option number 119, described in RFC 3397). This allows a DHCP server to publish a list of implicit domain suffixes used during name lookup. If this option is specified, a search keyword will be added to /etc/resolv.conf.[r230597]
libedit has been updated to a NetBSD snapshot as of 28 December, 2009.[r237738]
Lock handling performance in the libthr pthread library has been improved. It now works 10 times faster especially under the condition that a mutex is heavily contested.[r234372]
A new C++ stack has been imported. This consists of libcxxrt, originally developed by a FreeBSD developer under contract by PathScale and open sourced by the FreeBSD and NetBSD foundations, and libc++ from the LLVM project. libcxxrt is a drop-in replacement for GNU libsupc++, which implements the C++ runtime support for features such as run-time type information, dynamic casting, thread-safe static initializer, and exceptions. libc++ implements the C++11 standard library, and will replace GNU libstdc++ in a future release. In 9.1-RELEASE, libstdc++ is still installed as standard and now dynamically links against libsupc++. This allows libraries linking libstdc++ and libc++ to both be used in the same program, to aid migration.[r235798]
utility now supports a
-e flag to display PCI error
details in listing mode. When this is specified, the status of any error bits
in the PCI status register and PCI-express device status register will be displayed.
It also lists any errors indicated by version 1 of PCI-express Advanced Error
A bug in the remquo(3) functions where the quotient did not always have the correct sign when the remainder was 0, and another bug that the remainder and quotient were both off by a bit in certain cases involving subnormal remainders, have been fixed. Note that these bugs affected all platforms except amd64 and i386.[r234535]
The xlocale(3) API has been implemented. This consists of _l-suffixed versions of various standard library functions that use the global locale, making them take an explicit locale parameter and allowing thread-safe extended locale support. Most of these APIs are required for IEEE Std 1003.1-2008 (POSIX.1-2008 or ISO/IEC 9945:2009) compatibility, and are required by libc++ and recent versions of GNOME. This implementation also supports several extensions for compatibility with Apple Darwin.[r235785]
A new variable
has been added. It controls whether or not to list all of the ZFS pools in
periodic/daily/404.status-zfs. The default value is YES.[r231721]
The default value of
daily_scrub_zfs_default_threshold used in periodic/daily/800.scrub-zfs is now set to 35 days.[r229381]
ISC BIND has been updated to version 9.8.3-P4.[r241417]
The compiler-rt library, which provides low-level target-specific interfaces such as functions in libgcc, has been updated to revision 147467.[r236018]
The libpcap library has been updated to 1.2.1.[r236167]
libstdc++ has been updated to revision 135556 of the gcc-4_2-branch (the last LGPLv2-licensed version).[r229551]
The LLVM compiler infrastructure and clang, a C language family front-end, version 3.1 have been imported. Note that it is not used for building the FreeBSD base system by default.[r236144]
The netcat utility has been updated to version 5.1.[r235971]
OpenSSL has been updated to version 0.9.8x.[r237998]
The timezone database has been updated to the tzdata2012a release.[r233447]
The zlib library has been updated to version 1.2.7.[r237691]
[amd64, i386] Beginning with FreeBSD 6.2-RELEASE, binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as an unmodified GENERIC kernel, distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.
Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported using to the instructions in /usr/src/UPDATING.
For more specific information about upgrading instructions, see http://www.FreeBSD.org/releases/9.1R/installation.html.
Important: Upgrading FreeBSD should, of course, only be attempted after backing up all data and configuration files.
FreeBSD 9.0 and later have several incompatibilities in system configuration which you might want to know before upgrading your system. Please read this section and the Upgrading Section in 9.0-RELEASE Release Notes carefully before submitting a problem report and/or posting a question to the FreeBSD mailing lists.
This file, and other release-related documents, can be downloaded from http://www.FreeBSD.org/releases/.
For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.
All users of FreeBSD 9.1-STABLE should subscribe to the <stable@FreeBSD.org> mailing list.
For questions about this documentation, e-mail <doc@FreeBSD.org>.