FreeBSD 7.3-RELEASE Release Notes

The FreeBSD Project

Copyright (c) 2010 The FreeBSD Documentation Project

$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/article.sgml,v 1.1068.2.34.2.8 2010/03/20 16:39:28 hrs Exp $

FreeBSD is a registered trademark of the FreeBSD Foundation.

IBM, AIX, EtherJet, Netfinity, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.

IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.

Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

Sparc, Sparc64, SPARCEngine, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. Products bearing SPARC trademarks are based upon architecture developed by Sun Microsystems, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the "(TM)" or the "(R)" symbol.

The release notes for FreeBSD 7.3-RELEASE contain a summary of the changes made to the FreeBSD base system on the 7.3-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.

--------------------------------------------------------------

Table of Contents

1 Introduction
2 What's New
    2.1 Security Advisories
    2.2 Kernel Changes
        2.2.1 Boot Loader Changes
        2.2.2 Hardware Support
        2.2.3 Network Protocols
        2.2.4 Disks and Storage
        2.2.5 File Systems
    2.3 Userland Changes
        2.3.1 /etc/rc.d Scripts
    2.4 Contributed Software
    2.5 Ports/Packages Collection Infrastructure
    2.6 Release Engineering and Integration
3 Upgrading from previous releases of FreeBSD

1 Introduction

This document contains the release notes for FreeBSD 7.3-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.

This distribution of FreeBSD 7.3-RELEASE is a release distribution. It can be found at ftp://ftp.FreeBSD.org/ or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the "Obtaining FreeBSD" appendix to the FreeBSD Handbook.

All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 7.3-RELEASE can be found on http://www.FreeBSD.org/releases/7.3R/errata.html.

--------------------------------------------------------------

2 What's New

This section describes the most user-visible new or changed features in FreeBSD since 7.2-RELEASE.

Typical release note items document recent security advisories issued after 7.2-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices.
Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.

--------------------------------------------------------------

2.1 Security Advisories

Problems described in the following security advisories have been fixed. For more information, consult the individual advisories available from http://security.FreeBSD.org/.

Advisory                 Date          Topic
SA-09:09.pipe            10 June 2009  Local information disclosure via direct pipe writes
SA-09:10.ipv6            10 June 2009  Missing permission check on SIOCSIFINFO_IN6 ioctl
SA-09:11.ntpd            10 June 2009  ntpd stack-based buffer-overflow vulnerability
SA-09:12.bind            29 July 2009  BIND named(8) dynamic update message remote DoS
SA-09:14.devfs           2 Oct 2009    Devfs / VFS NULL pointer race condition
SA-09:15.ssl             3 Dec 2009    SSL protocol flaw
SA-09:16.rtld            3 Dec 2009    Improper environment sanitization in rtld(1)
SA-09:17.freebsd-update  3 Dec 2009    Inappropriate directory permissions in freebsd-update(8)
SA-10:01.bind            6 Jan 2010    BIND named(8) cache poisoning with DNSSEC validation
SA-10:02.ntpd            6 Jan 2010    ntpd mode 7 denial of service
SA-10:03.zfs             6 Jan 2010    ZFS ZIL playback with insecure permissions

--------------------------------------------------------------

2.2 Kernel Changes

The closefrom(2) system call has been added. This closes any open file descriptors which are equal to or larger than the specified value. Note that it does not fail with any errors and is not multi-thread safe.

The ddb(8) subcommands for geom(8) now support pagination.

The futimes(2), lutimes(2), and utimes(2) system calls now support a sysctl variable vfs.timestamp_precision.

The jail(8) subsystem now supports security.jail.ip4_saddrsel and security.jail.ip6_saddrsel sysctl variables to control whether to use source address selection or the primary jail address for unbound outgoing connections.
Source address selection is enabled by default. Also, the jail parameters ip4.saddrsel and ip6.saddrsel are boolean options that enable source address selection for IPv4 and IPv6, respectively. If the boolean parameters ip4.nosaddrsel and ip6.nosaddrsel are set, the child jails do not inherit the address selection options of the parent.

[amd64] The kmem_map KVA space has been increased to 512GB.

The lindev(4) driver has been added. This is for Linux-specific pseudo devices and is currently used only for /dev/full.

The FreeBSD Linux emulation layer now supports the SO_PEERCRED socket option, MSG_CMSG_CLOEXEC for recvmsg(), and robust futexes. The futex has been reimplemented using sx(9) locks. Initial support for ktr(4) tracing has also been added.

A lock handling error in the interaction between the malloc(3) implementation and the threading library has been fixed. When a multi-threaded process called the fork(2) system call in one thread and the malloc(3) function in another thread, it caused a deadlock in the child process.

PECOFF image activator support has been removed.

FreeBSD now supports POSIX semaphores (P1003_1B_SEMAPHORES kernel option) by default.

A deadlock in the sched_ule(4) scheduler has been fixed. For more details, see EN-10:02.sched_ule.

The sglist(9) API to manage scatter/gather lists of physical addresses has been added.

The FreeBSD ABI of some of the structures used by the System V IPC API has been changed internally, and System V IPC now supports shared memory segments larger than 2GB on 64-bit platforms. For new kernel modules, the kern_msgctl(), kern_semctl(), and kern_shmctl() functions will be transparently renamed to the new kern_new_*() functions by using ABI shims. The old functions remain under the old names to provide backward compatibility for older kernel modules.

A new sysctl variable security.bsd.map_at_zero has been added and set to 1 (allow) by default.
This controls whether FreeBSD allows mapping an object at address 0, which is part of the user-controlled portion of the virtual address space. Disabling it provides some protection against attacks that inject malicious code at that location and trigger a NULL pointer dereference in the kernel.

--------------------------------------------------------------

2.2.1 Boot Loader Changes

A new boot loader gptzfsboot, which supports GPT and ZFS, has been added.

The boot loader zfsboot now always uses 64-bit LBAs and supports more than seven drives in the ZFS pools.

A bug in zfsboot has been fixed. A /boot.config smaller than 512 bytes was ignored.

zfsloader, the final boot loader similar to loader(8) which supports ZFS, has been added.

A bug in the boot loader has been fixed. It failed to recognize GPT correctly when the system supports both MBR and GPT and they are synchronized with each other.

[pc98] The boot2 program has been reimplemented based on the latest version for i386.

--------------------------------------------------------------

2.2.2 Hardware Support

The amdsbwd(4) driver for the AMD SB600/SB7xx watchdog timer has been added.

The cpuctl(4) driver now supports atomically setting/clearing individual bits of an MSR register. Two new ioctl calls, CPUCTL_MSRSBIT and CPUCTL_MSRCBIT, treat the data field of the struct passed as the argument as a mask, and set or clear bits of the MSR register according to the mask value. The cpucontrol(8) utility also supports this feature. For more details, see the Userland Changes section.

The cpufreq(4) driver now supports Phenom (Family 10h).

[amd64, i386] CPU cache flushing has been optimized when changing caching attributes of pages by doing nothing for CPUs that support self-snooping and using CLFLUSH instead of a full cache invalidate when possible. By default, FreeBSD does not use CLFLUSH on Intel CPUs due to problems with flushing the local APIC range. This can be controlled via the hw.clflush_disable loader tunable.
A setting of 1 disables the use of CLFLUSH. A setting of 0 allows CLFLUSH to be used for Intel CPUs when CPUID_SS is not present. This fixes a kernel panic that occurred on Xen, which disables self-snooping.

[sparc64] The epic(4) driver for the front panel LEDs in Sun Fire V215/V245 has been added.

[sparc64] The fire(4) driver for "Fire" JBus to PCIe bridges found in at least the Sun Fire V215/V245 and Sun Ultra 25/45 machines has been added.

[amd64, i386] The hwpmc(4) driver for Hardware Performance Monitoring Counter support has been added. This consists of the kernel driver, the pmc(3) interface library, and the userland utilities pmcannotate(8), pmccontrol(8), and pmcstat(8), and allows applications to use hardware performance counters to gather performance data about specific processes or for the system as a whole.

Several bugs in the ipmi(4) driver which prevented the watchdog timeout setting from working have been fixed.

The k8temp(4) driver has been renamed to amdtemp(4). The new driver supports AMD K10 and K11 as well as K8.

A loader tunable hw.mca.enabled has been added. This can be used to enable/disable the machine check code. Disabled by default.

A sysctl variable hw.pagesizes has been added. This reports all of the supported page sizes on the system.

PCI Express memory-mapped configuration space access, ACPI MCFG table support, and BAR (Base Address Register) handling in the pci(4) subsystem have been improved. This is disabled by default and can be enabled by setting a loader tunable hw.pci.mcfg to 1. This value can be queried via a sysctl variable of the same name.

[amd64, i386] FreeBSD now supports the VIA Nano processor family.

--------------------------------------------------------------

2.2.2.1 Multimedia Support

DRM now supports Radeon HD 4200 (RS880), 4770 (RV740), and R6/7xx 3D, and Intel G41 chips.

The vgapci(4) driver for PCI VGA display devices, which can attach devices as its children, now supports proxying of PCI MSI/MSI-X (Message Signaled Interrupt) requests and bus interrupt requests for the child devices. This allows child devices to use MSI/MSI-X interrupts.

--------------------------------------------------------------

2.2.2.2 Network Interface Support

The alc(4) driver for Atheros AR8131/AR8132 PCIe Ethernet controllers has been added.

A bug in the bce(4) driver has been fixed. When a bce(4) interface was added to the system as a lagg(4) member with the LACP aggregation protocol enabled, network communication via the bce(4) interface stopped completely. Although the bce(4) interface worked if it was not a lagg(4) member, the incoming traffic statistics shown in netstat(1) output were incorrect because every packet was recognized as a full-sized one.

Several bugs in the bge(4) driver have been fixed. The driver caused a panic when a lot of traffic was being handled on the interface while the system was shutting down, and had a DMA issue when a buffer address crossed a multiple of the 4GB boundary.

The bge(4) driver now supports TSO (TCP segmentation offloading) for BCM5755 or newer chips.

[sparc64] The cas(4) driver has been added to provide support for Sun Cassini/Cassini+ and National Semiconductor DP83065 Saturn Gigabit Ethernet devices.

The cxgb(4) driver has been upgraded to the latest version. The firmware version is 7.8.0.

The et(4) driver now supports IPv4/TCP/UDP Tx checksum offloading.

The fxp(4) driver has been improved. The multicast filter re-programming is now more robust. A bug which caused an incorrect IP packet length in the header when TSO (TCP segmentation offloading) is enabled has been fixed. This fixes the poor performance seen in previous releases when TSO was enabled.

The msk(4) driver has been improved for robust operation. Also, it now supports Yukon FE+ A0 including 88E8040, 88E8040T, 88E8042, 88E8048, 88E8057, and 88E8070.

Several bugs in the mxge(4) driver have been fixed and the firmware version is now 1.4.48b. The driver could lose the promiscuous flag on reset and cause a kernel panic on a hardware fault.

A bug in the nfe(4) driver has been fixed. It caused buffer allocation failure for jumbo frames.

The nge(4) driver has been improved and now works on all supported platforms. It now supports altq(4), hardware checksum offloading for vlan(4) tagged frames, WoL (Wake-on-Lan), jumbo frames, and PCI MWI (Memory Write and Invalidate) commands. Hardware MAC statistics can be obtained via a new sysctl variable dev.nge.N.stats. Another new sysctl variable dev.nge.N.int_holdoff has been added to control interrupt moderation. The valid range is 1 (100us) to 255, and the actual delivery of interrupts is delayed based on this value. The default is 1. For more details, see the nge(4) manual page.

The ste(4) driver has been improved and now works on all supported platforms. It now supports suspend/resume and WoL (Wake-on-Lan). Hardware MAC statistics can be obtained via a new sysctl variable dev.ste.N.stats. Another new sysctl variable dev.ste.N.int_rx_mod has been added to control RX interrupt moderation time. The default value is 150 (150us). For more details, see the ste(4) manual page.

The vge(4) driver has been improved. It now supports hardware checksum offloading for vlan(4) tagged frames and WoL (Wake-on-Lan). Hardware MAC statistics can be obtained via a new sysctl variable dev.vge.N.stats. New sysctl variables dev.nge.N.int_holdoff, dev.nge.N.rx_coal_pkt, and dev.nge.N.tx_coal_pkt have been added to control interrupt moderation. For more details, see the vge(4) manual page.

A bug in the xl(4) driver which caused occasional watchdog timeouts has been fixed.

--------------------------------------------------------------

2.2.3 Network Protocols

A bug in gif(4) which caused EtherIP packets sent by a combination of if_bridge(4) and gif(4) to have a reversed version field has been fixed.
If you need to communicate with older FreeBSD releases via EtherIP, use the new flags accept_rev_ethip_ver and send_rev_ethip_ver to control handling of the reversed version field. These can be set on gif(4) interfaces with the ifconfig(8) utility. The EtherIP implementation found on FreeBSD 6.1, 6.2, 6.3, 7.0, 7.1, and 7.2 had an interoperability issue because it sent the incorrect EtherIP packets and discarded the correct ones. For more details, see the gif(4) manual page.

The IPcomp protocol is now enabled by default. This can be controlled by a sysctl variable net.inet.ipcomp.ipcomp_enable.

A bug in the ng_iface(4) driver has been fixed. An infinite loop occurred when a packet passed out via two different netgraph(3) interfaces sequentially due to tunneling.

The kernel option IPFW_DEFAULT_TO_ACCEPT has been replaced with a new loader tunable net.inet.ip.fw.default_to_accept. The value can be queried via a sysctl variable of the same name.

The tap(4) software network interface supports a new ioctl TAPGIFNAME. This is a convenient shortcut, ported from NetBSD, to obtain the network interface name using the file descriptor of the character device.

The vlan(4) driver is now enabled in the GENERIC kernel.

--------------------------------------------------------------

2.2.4 Disks and Storage

The aac(4) driver has been synchronized with the latest official vendor driver.

The ahc(4) driver now supports Adaptec 39320LPE adapters.

The ATA command timeout in the ata(4) driver has been increased. This value can be set by using a kernel option ATA_REQUEST_TIMEOUT.

A bug in the ata(4) driver has been fixed. It could generate an I/O request larger than the controller's maximum I/O size and cause a kernel panic.

The algorithm for the load balancing mode in the gmirror(8) GEOM class has been changed, and this mode is now set by default instead of split. The load mode uses the averaged number of requests running on each drive, instead of measuring the last request execution time for each drive and choosing the one with the smallest time.

A bug in the gpart(8) GEOM class has been fixed. It could not handle a GPT header whose size is greater than 92 bytes, as written by OpenSolaris.

The default stripe size of the gstripe(8) GEOM class has been changed from 4KB to 64KB. This change affects users who prefer the create command over the label command: they now need to explicitly specify the old stripe size (-s 4096) in order to use their old gstripe(8) volumes.

The hptrr(4) driver now supports a new loader tunable hw.hptrr.attach_generic to prevent the driver from being attached to some Marvell chips which have no HPT RAID BIOS.

The mfi(4) driver now supports LSI MegaRAID SAS 1078 and Dell PERC6.

--------------------------------------------------------------

2.2.5 File Systems

The ext2fs(5) file system has been improved. A bug when the inode size is other than 128 has been fixed.

The FreeBSD Network File System now supports caching of negative pathname lookups in the NFS client, and uses a 3 second timeout (30 seconds in prior releases) for caching attributes of a directory in the client.

The pseudofs(9) subsystem used in procfs(5) and linprocfs(5) is now MPSAFE.

UFS_DIRHASH (enabled by default) now supports removing the cache data when the system memory is low (via the vm_lowmem event handler).

A bug which caused a panic when decreasing the sysctl variable vfs.ufs.dirhash_maxmem below the current amount of memory used by UFS_DIRHASH has been fixed.

A new sysctl variable for the VFS(9) subsystem, vfs.flushbufqtarget, has been added. This can fix issues in bufdaemon, a kernel process responsible for flushing dirty buffers, which can deadlock under certain workloads. The value of the variable determines the number of buffers that will be flushed before allocating a new buffer. The default value of the variable on 7.3-RELEASE is -1 (disabled). FreeBSD 8.0-RELEASE uses 100 by default.

ZFS has been updated from version 6 to version 13.
This update includes numerous new ZFS features, such as permitting non-root users to perform some administrative functions, supporting additional disks for caching or the ZFS Intent Log, and partial chflags(2) support. It also includes some FreeBSD-specific additions, such as booting from ZFS file systems, removal of ARC size limitations, ARC back pressure (which allows ZFS to work without tunables on amd64), and many bugfixes.

--------------------------------------------------------------

2.3 Userland Changes

The acpidump(8) utility now supports parsing the SRAT (System Resource Affinity Table), which is used to describe affinity relationships between CPUs and memory.

The apropos(1) command no longer adds the necessary directories to the PATH variable. This means that it does not work if the caller does not have /bin and /usr/bin in PATH.

The bluetooth(3) library now supports the Bluetooth HCI API.

The btpand(8) daemon now supports Bluetooth device node names in the -d option.

A bug in the chflags(1) -h option has been fixed. It used the link target's flags as the original ones.

The cp(1) command now preserves file flags on symbolic links when the options -Rp are specified. Previously it reported an error "function not implemented".

The cpucontrol(8) command now allows the user to perform atomic bitwise AND and OR operations on MSR registers. Two new operations (&= and |=) have been added. The first one applies a bitwise AND operation between the current contents of the MSR register and the mask, and the second performs a bitwise OR. The argument can optionally be prefixed with the ~ inversion operator. The following example clears the second bit of the TSC MSR on CPU 0 (the expression is quoted so that the shell does not interpret & and ~):

    # cpucontrol -m '0x10&=~0x02' /dev/cpuctl0

The cpuset(1) command now supports interrupt binding with a new option -x irq.

The default crontab(5) file no longer defines a variable HOME.

The df(1) command now uses human-readable output for inode counts when -H or -h is specified.

A bug in the dhclient(8) utility when appending NUL-terminated text provided by a DHCP server has been fixed.

The dhclient(8) utility now uses 68 (bootpc) as the source port for unicast DHCPREQUEST packets instead of allowing the protocol stack to pick a random source port. This fixes the behavior where dhclient(8) would never transition from RENEWING to BOUND without going through REBINDING in some networks which have a tight policy on DHCP spoofing.

The fdisk(8) utility now supports size qualifiers (K, M, and G) and * for automatic calculation in the p command.

The fetch(1) command now supports HTTP digest authentication.

The fetch(1) command now supports the NO_PROXY and no_proxy environment variables to disable use of an HTTP proxy. For more details, see the fetch(3) manual page.

A bug in the fetch(1) command which caused the FTP_TIMEOUT and HTTP_TIMEOUT environment variables to be ignored has been fixed.

A bug in the fetch(1) command which caused default parameters such as the connection timeout not to be set for the HTTPS protocol has been fixed. It now uses the same parameters as HTTP.

A bug in the find(1) command has been fixed. It ignored the -L option when -delete was specified. The following command can be safely used to remove broken links:

    find -L . -type l -print0 | xargs -0 rm

A bug in the find(1) and rm(1) commands has been fixed. When a symbolic link has the uchg or uappend flag, the commands attempted to clear the target file, not the symbolic link itself.

The gzip(1) command now supports uncompressing files compressed by pack(1), which is found in some commercial Unix systems.

The ktrace(1) utility now supports a new KTRACE record for sysctl(3) invocations.

The FreeBSD libc library now includes the fdopendir(3) function.

The FreeBSD libc library now includes the feature_present(3) function, which checks whether a named kernel feature is present by checking the kern.features sysctl MIB.

The FreeBSD libc library now includes the getpagesize(3) function, which returns either the number of page sizes supported by the system or a specified subset of the supported page sizes.

The libradius(3) library now supports a simple embedded RADIUS server.

The lp(1) command now supports the -m option to send an email after the files have been printed, and the -t title option to write a title on the banner page of the output. These are required by the POSIX standard.

The lpq(1) command now correctly translates remote host names which contain non-standard end-of-line characters.

The man(1) command now supports manual pages in UTF-8.

The mergemaster(8) utility now uses the -L option when it invokes the mtree(8) command, so that symbolic links are followed.

The mergemaster(8) utility now supports the DELETE_STALE_RC_FILES variable in the mergemaster.rc file to delete stale rc.d scripts automatically.

A userland utility mfiutil(8) for the mfi(4) devices has been added. This includes basic features to monitor controller, array, and drive status, change basic attributes, create/delete arrays and spares, and flush the controller firmware. Note that this is a small utility, not a replacement for MegaCLI in the Ports Collection, which is supported officially and provides more functionality.

A userland utility mptutil(8) for the mpt(4) devices has been added. This includes basic features to monitor controller, array, and drive status, change basic attributes, and create/delete arrays and spares.

The newfs_msdos(8) command now supports media which have no CHS parameter.

The ntpd(8) daemon no longer tries to bind an IPv6 anycast address.

The pkill(1) command now ignores itself and its ancestors when finding processes. An -a option has been added for backward compatible behavior.

A race condition in the ppp(8) daemon has been fixed.

The ps(1) command now supports a new flag -p. This displays descendant info with output similar to Linux's -H (or -f).

The pwait(1) command, which waits for any process to terminate, has been added.

The pwd_mkdb(8) utility now verifies that the login name length is shorter than MAXLOGNAME when the -C option is specified. Note that entries with oversized login names are still allowed in the passwd database, and the getpwent*() and getpwuid*() functions return them correctly. The getpwnam*() functions truncate them to MAXLOGNAME - 1 when reading the database. The su(1) utility fails for the long names.

The FreeBSD runtime linker, rtld(1), has been improved. The changes include:

  * The dynamic string token substitution in the rpath and soname has been implemented. This can be enabled by setting the -z origin option of ld(1). Currently, it recognizes the $OSNAME, $PLATFORM, $OSREL, and $ORIGIN tokens. This translation is unconditionally disabled for setuid/setgid processes.

  * PIE (Position Independent Executables) support has been improved. The runtime linker now calculates the relocation base for the main object, and applies the relocation adjustment to all virtual addresses encoded into its ELF structures in order to make it possible to load PIE binaries at a non-zero base address.

  * The way ELF objects are mapped has been changed to make wiring of the address space possible. The linker now maps PROT_NONE anonymous memory over the whole range first, and then maps the segments of the object over it. It allocates .bss by changing the protection of the range instead of remapping, and unnecessary clearing of the text segment when its end is not page-aligned has been eliminated.

  * A new environment variable LD_ELF_HINTS_PATH for overriding the rtld hints file is now supported. This feature gives a convenient way of using a custom set of shared libraries that is not located in the default location and switching back. This environment variable is automatically unset if the process is tainted with setuid/setgid.

The strptime(3) function now supports the %z format specifier.

The sysinstall(8) utility now supports a comma-separated list of network interfaces in the netDev option in install.cfg.

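The rtld(1) mapping change listed above (reserve the whole range as PROT_NONE anonymous memory, map the object's segments over it, then enable .bss with a protection change) can be reproduced with plain mmap(2) and mprotect(2). This is an added example, not code from rtld or the FreeBSD Project; the two-page temporary file standing in for an ELF object, the four-page layout and the names map_object, bss_is_zero and hole_is_reserved are assumptions made for illustration.

```c
/* Added illustration: the constructed "object" and all names are hypothetical. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1          /* MAP_ANON, mkstemp(), pwrite() on glibc */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>

#define NPAGES 4                   /* text, data, .bss, unused hole */

struct mapped_object {
    unsigned char *base;           /* start of the reserved range */
    size_t page;                   /* system page size */
};

/* Constructed stand-in for an ELF file: page 0 is "text", page 1 is "data". */
static int make_image(size_t page)
{
    char path[] = "/tmp/rtldmapXXXXXX";
    int fd = mkstemp(path);

    if (fd < 0)
        return -1;
    unlink(path);
    if (ftruncate(fd, (off_t)(2 * page)) != 0 ||
        pwrite(fd, "T", 1, 0) != 1 || pwrite(fd, "D", 1, (off_t)page) != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Map the image in the order the release note describes; 0 on success. */
int map_object(struct mapped_object *obj)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *base;
    int fd = make_image(page);

    if (fd < 0)
        return -1;
    /* 1. Reserve the whole range as inaccessible anonymous memory. */
    base = mmap(NULL, NPAGES * page, PROT_NONE, MAP_PRIVATE | MAP_ANON, -1, 0);
    if (base == MAP_FAILED) {
        close(fd);
        return -1;
    }
    /* 2. Map the file-backed segments over the reservation. A real loader
     *    adds PROT_EXEC to the text segment; it is left out here so the
     *    example also runs where /tmp is mounted noexec. */
    if (mmap(base, page, PROT_READ, MAP_PRIVATE | MAP_FIXED, fd, 0) == MAP_FAILED)
        goto fail;
    if (mmap(base + page, page, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_FIXED,
             fd, (off_t)page) == MAP_FAILED)
        goto fail;
    /* 3. .bss: the reservation is already zero-filled anonymous memory, so
     *    changing its protection is enough and nothing is remapped. */
    if (mprotect(base + 2 * page, page, PROT_READ | PROT_WRITE) != 0)
        goto fail;
    close(fd);
    obj->base = base;
    obj->page = page;
    return 0;
fail:
    munmap(base, NPAGES * page);
    close(fd);
    return -1;
}

/* 1 if every byte of the .bss page reads as zero. */
int bss_is_zero(const struct mapped_object *obj)
{
    const unsigned char *bss = obj->base + 2 * obj->page;

    for (size_t i = 0; i < obj->page; i++)
        if (bss[i] != 0)
            return 0;
    return 1;
}

/* 1 if an unrelated mmap() hinted at the unused hole is placed elsewhere,
 * i.e. the reservation keeps foreign mappings out of the object's range. */
int hole_is_reserved(const struct mapped_object *obj)
{
    void *hole = obj->base + 3 * obj->page;
    void *p = mmap(hole, obj->page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANON, -1, 0);

    if (p == MAP_FAILED)
        return -1;
    munmap(p, obj->page);
    return p != hole;
}

int main(void)
{
    struct mapped_object obj;
    if (map_object(&obj) != 0)
        return 1;
    printf("text=%c data=%c bss_zero=%d hole_reserved=%d\n", obj.base[0],
           obj.base[obj.page], bss_is_zero(&obj), hole_is_reserved(&obj));
    return 0;
}
```

The fourth page stays PROT_NONE, so a stray access inside the object's range faults instead of reaching whatever mapping might otherwise have been placed there.
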
[ia64] The sysinstall(8) utility now uses 400MB for the EFI partition instead of the 100MB used in previous releases.

The tail(1) -F flag now persists in trying to open files rather than giving up when it encounters an error. ENOENT errors are not reported. This behavior is consistent with the GNU version.

The tftp(1) command now returns a correct exit status in the case of a successful file transfer.

The traceroute(8) program now uses in-kernel source address selection even in a jail(8) environment.

The traceroute(8) and traceroute6(8) programs now support an -a flag to display the AS number corresponding to the IP address looked up on each hop. The number is queried from the WHOIS server specified in the -A option. If no -A is specified, whois.radb.net is used as the default value.

The tzsetup(8) command now supports an -s option to skip the initial question about adjusting the clock if not set to UTC.

The whois(1) utility has been updated. The -d option has been removed because whois.nic.mil no longer exists, and the utility now supports searching for IPv6 addresses just as it does for IPv4 addresses, without having to explicitly specify that the ARIN server should be used to get the initial information.

The yp(8) utilities now support shadow.byname and shadow.byuid maps. These require privileged port access.

--------------------------------------------------------------

2.3.1 /etc/rc.d Scripts

The service(8) command, an easy interface for the rc.d scripts, has been added.

The rc.conf(5) file now supports create_args_IF for interfaces created via cloned_interfaces.

The rc.conf(5) file now supports vlans_IF for creating vlan(4) interfaces. If a vlan interface is a number, then that number is treated as the vlan tag for the interface and the interface will be named "IF.N". Otherwise, the vlan tag must be provided via a vlan parameter in a create_args_IF variable.

The rc.d/fsck script now supports options for fsck_y_enable via fsck_y_flags.

The rc.d/named script now supports a zone file check by named-checkconf(8) before startup, and the following options:

  * named_wait has the script loop until a specified hostname in named_wait_host (localhost by default) can be successfully looked up. This is disabled by default.

  * named_auto_forward creates a forwarder configuration file based on the contents of /etc/resolv.conf. This allows you to utilize a local resolver for better performance, less network traffic, custom zones, etc. while still relying on the benefits of your local network resolver. This is disabled by default.

The rc.d/savecore script now supports invoking crashinfo(8) automatically during boot. A new variable crashinfo_enable has been added to enable it.

The rc.d/static_arp script has been added. This allows the administrator to statically bind a MAC address to an IPv4 address at boot time. An example is as follows:

    static_arp_pairs="gw"
    static_arp_gw="192.168.1.1 00:01:02:03:04:05"

--------------------------------------------------------------

2.4 Contributed Software

ISC BIND has been updated to version 9.4-ESV.

sendmail has been updated from version 8.14.3 to version 8.14.4.

The timezone database has been updated to the tzdata2010b release.

The timezone libraries (stdtime part of libc) and related binaries (zic(8) and zdump(8)) have been updated to the tzcode2009k release. Note that tzsetup(8) needs to be run after the installation.

unifdef has been updated to version 1.188.

--------------------------------------------------------------

2.5 Ports/Packages Collection Infrastructure

A bug in the pkg_info(1) command which caused a segmentation fault when an invalid long option is specified has been fixed.

--------------------------------------------------------------

2.6 Release Engineering and Integration

FreeBSD release ISO images now have "FreeBSD-" at the beginning of the filenames.

The supported version of the GNOME desktop environment (x11/gnome2) has been updated to 2.28.2.

The supported version of the KDE desktop environment (x11/kde4) has been updated to 4.3.5.

--------------------------------------------------------------

3 Upgrading from previous releases of FreeBSD

[amd64, i386] Beginning with FreeBSD 6.2-RELEASE, binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC or SMP kernels distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded has Internet connectivity.

An older form of binary upgrade is supported through the Upgrade option from the main sysinstall(8) menu on CDROM distribution media. This type of binary upgrade may be useful on non-i386, non-amd64 machines or on systems with no Internet connectivity.

Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING.

Important: Upgrading FreeBSD should, of course, only be attempted after backing up all data and configuration files.

--------------------------------------------------------------

This file, and other release-related documents, can be downloaded from ftp://ftp.FreeBSD.org/.

For questions about FreeBSD, read the documentation before contacting .

All users of FreeBSD 7.3-STABLE should subscribe to the mailing list.

For questions about this documentation, e-mail .