Copyright © 2012 The FreeBSD Documentation Project
$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/article.sgml,v
1.1101.2.29.2.4 2012/04/09 04:44:39 hrs Exp $
FreeBSD is a registered trademark of the FreeBSD Foundation.
IBM, AIX, EtherJet, Netfinity, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.
IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.
Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
SPARC, SPARC64, SPARCengine, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. SPARC International, Inc owns all of the SPARC trademarks and under licensing agreements allows the proper use of these trademarks by its members.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the ™ or the ® symbol.
The release notes for FreeBSD 8.3-RELEASE contain a summary of the changes made to the FreeBSD base system on the 8.2-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
This document contains the release notes for FreeBSD 8.3-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.
This distribution of FreeBSD 8.3-RELEASE is a release distribution. It can be found at ftp://ftp.FreeBSD.org/ or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the Obtaining FreeBSD appendix to the FreeBSD Handbook.
All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 8.3-RELEASE can be found on the FreeBSD Web site.
This section describes the most user-visible new or changed features in FreeBSD since 8.2-RELEASE.
Typical release note items document recent security advisories issued after 8.2-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.
Problems described in the following security advisories have been fixed. For more information, consult the individual advisories available from http://security.FreeBSD.org/.
| Advisory | Date | Topic | 
|---|---|---|
| SA-11:01.mountd | 20 April 2011 | Network ACL mishandling in mountd(8) | 
| SA-11:02.bind | 28 May 2011 | BIND remote DoS with large RRSIG RRsets and negative caching | 
| SA-11:04.compress | 28 September 2011 | Errors handling corrupt compress file in compress(1) and gzip(1) | 
| SA-11:05.unix | 28 September 2011 | Buffer overflow in handling of UNIX socket addresses | 
| SA-11:06.bind | 23 December 2011 | Remote packet Denial of Service against named(8) servers | 
| SA-11:07.chroot | 23 December 2011 | Code execution via chrooted ftpd | 
| SA-11:08.telnetd | 23 December 2011 | telnetd code execution vulnerability | 
| SA-11:09.pam_ssh | 23 December 2011 | pam_ssh improperly grants access when user account has unencrypted SSH private keys | 
| SA-11:10.pam | 23 December 2011 | |
[amd64, i386] The FreeBSD dtrace(1) framework now supports systrace for system calls of linux32 and freebsd32 on FreeBSD/amd64. Two new systrace_linux32 and systrace_freebsd32 kernel modules provide support for tracing compat system calls in addition to the native system call tracing provided by the systrace module.[r219107]
The hhook(9) (Helper Hook) and khelp(9) (Kernel Helpers) KPIs have been implemented. These are a kind of superset of pfil(9) framework for more general use in the kernel. The hhook(9) KPI provides a way for kernel subsystems to export hook points that khelp(9) modules can hook to provide enhanced or new functionality to the kernel. The khelp(9) KPI provides a framework for managing khelp(9) modules, which indirectly use the hhook(9) KPI to register their hook functions with hook points of interest within the kernel. These allow a structured way to dynamically extend the kernel at runtime in an ABI preserving manner.[r222406]
[amd64, i386, pc98] A loader(8) tunable hw.memtest.tests has been added. This controls whether to perform memory testing at boot time or not. The default value is 1 (perform a memory test).[r230282]
The open(2) and fhopen(2) system calls now support the O_CLOEXEC flag, which allows setting the FD_CLOEXEC flag for the newly created file descriptor. This is standardized in IEEE Std 1003.1-2008 (POSIX, Single UNIX Specification Version 4).[r220241]
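The following C program is an added example, not code from the FreeBSD source tree. It contrasts the older open-then-fcntl idiom with O_CLOEXEC and includes a small audit helper that counts descriptors a newly executed program would inherit; the function names and the use of /dev/null are choices made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* 1 if fd would stay open across execve(2), 0 if it is close-on-exec,
 * -1 if fd is not an open descriptor. */
int survives_exec(int fd)
{
    int fl = fcntl(fd, F_GETFD);
    if (fl == -1)
        return -1;
    return (fl & FD_CLOEXEC) ? 0 : 1;
}

/* Older idiom: open, then mark close-on-exec with a second call. */
int open_then_fcntl(const char *path, int flags)
{
    int fd = open(path, flags);
    if (fd == -1)
        return -1;
    /* Race window: a fork+exec in another thread at this point hands the
     * descriptor to the new program. */
    int fl = fcntl(fd, F_GETFD);
    if (fl == -1 || fcntl(fd, F_SETFD, fl | FD_CLOEXEC) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* With O_CLOEXEC the flag is set atomically by open(2) itself. */
int open_cloexec(const char *path, int flags)
{
    return open(path, flags | O_CLOEXEC);
}

/* Audit helper: how many descriptors in [first, limit) would a program
 * started with execve(2) inherit? */
int count_inheritable(int first, int limit)
{
    int n = 0;
    for (int fd = first; fd < limit; fd++)
        if (survives_exec(fd) == 1)
            n++;
    return n;
}

int main(void)
{
    int plain = open("/dev/null", O_RDONLY);        /* inherited by children */
    int safe = open_cloexec("/dev/null", O_RDONLY); /* closed at exec */
    printf("plain fd %d survives exec: %d\n", plain, survives_exec(plain));
    printf("O_CLOEXEC fd %d survives exec: %d\n", safe, survives_exec(safe));
    printf("inheritable descriptors above stdio: %d\n", count_inheritable(3, 256));
    return 0;
}
```

Running count_inheritable just before spawning a less-privileged helper is a quick way to confirm that no descriptor for a sensitive file is about to be inherited.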
The posix_fallocate(2) system call has been implemented. This is a function in POSIX to ensure that a part of the storage for regular file data is allocated on the file system storage media.[r227573]
The posix_fadvise(2) system call has been implemented. This is a function in POSIX similar to madvise(2) except that it operates on a file descriptor instead of a memory region.[r229725]
The FreeBSD usb(4) subsystem now supports a USB packet filter. This allows capturing packets which go through each USB host controller. The implementation is mostly based on bpf(4) code. The userland program usbdump(8) has been added.[r221174]
The cxgb(4) driver has been updated to version 7.11.0.[r220340]
A cxgbe(4) driver for Chelsio T4 (Terminator 4) based 10Gb/1Gb adapters has been added.[r219633]
[i386] The dc(4) driver now works correctly in kernels with the PAE option.[r220072]
The em(4) driver has been updated to version 7.3.2.[r230848]
The igb(4) driver has been updated to version 2.3.1.[r230848]
The igb(4) driver now supports Intel I350 PCIe Gigabit Ethernet controllers.[r230848]
The ixgbe(4) driver has been updated to version 2.4.5.[r230924]
Firmware images in the iwn(4) driver for 1000, 5000, 6000, and 6500 series cards have been updated.[r223255]
The msk(4) driver now supports RX checksum offloading for Yukon EC, Yukon Ultra, Yukon FE and Yukon Ultra2. Checksum offloading for Yukon XL is still disabled due to a known silicon bug.[r223394]
A bug in the nfe(4) driver which could prevent reinitialization after changing the MTU has been fixed.[r218872]
A rdcphy(4) driver for RDC Semiconductor R6040 10/100 PHY has been added.[r218294]
The re(4) driver now supports RTL8168E/8111E-VL PCIe Gigabit Ethernet controllers and RTL8401E PCIe Fast Ethernet controllers.[r218901, r219116]
The re(4) driver now supports TX interrupt moderation on RTL810xE PCIe Fast Ethernet controllers.[r218905]
The re(4) driver now supports another mechanism for RX interrupt moderation because of performance problems. A sysctl(8) variable dev.re.N.int_rx_mod has been added to control the amount of time to delay RX interrupt processing, in microseconds. Setting it to 0 completely disables RX interrupt moderation. A loader(8) tunable hw.re.intr_filter controls whether the old mechanism utilizing MSI/MSI-X capability on supported controllers is used or not. When set to a non-zero value, the re(4) driver uses the old mechanism. The default value is 0 and this tunable has no effect on controllers without MSI/MSI-X capability.[r219110]
The re(4) driver now supports TSO (TCP Segmentation Offload) on RealTek RTL8168/8111 C or later controllers. Note that this is disabled by default because broken frames can be sent under certain conditions.[r218897]
The re(4) driver now supports enabling TX and/or RX checksum offloading independently from each other. Note that TX IP checksum is disabled on some RTL8168C-based network interfaces because it can generate an incorrect IP checksum when the packet contains IP options.[r218899, r219114]
The re(4) driver now supports RTL8105E PCIe Fast Ethernet controllers.[r229530]
A vte(4) driver for RDC R6040 Fast Ethernet controllers, which are commonly found on the Vortex86 System On a Chip, has been added.[r218296]
ipfw(8) now supports the call and return actions. Upon the call number action, the current rule number is saved in the internal stack and ruleset processing continues with the first rule numbered number or higher. The return action takes the rule number saved to internal stack by the latest call action and returns ruleset processing to the first rule with number greater than that saved number.[r230575]
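The control flow of call and return described above, modelled in C as an added example; this is not ipfw source code. In this model every rule matches every packet, the ruleset is constructed for illustration, and the stack depth of 16 and the choice to skip a call or return when the stack is full or empty are assumptions of the model.

```c
#include <stdio.h>

enum action { COUNT, CALL, RETURN, ALLOW, DENY };
struct rule { int num; enum action act; int target; /* used by CALL only */ };

#define STACK_DEPTH 16 /* assumed depth for this model */

/* Index of the first rule numbered num or higher (rules sorted by number). */
static int seek(const struct rule *rs, int n, int num)
{
    int i = 0;
    while (i < n && rs[i].num < num)
        i++;
    return i;
}

/* Walk the ruleset for one packet. Visited rule numbers go to trace (at most
 * cap of them) and *len receives the count. Returns ALLOW or DENY; running
 * off the end of the ruleset counts as DENY here. */
enum action evaluate(const struct rule *rs, int n, int *trace, int cap, int *len)
{
    int stack[STACK_DEPTH], sp = 0, i = 0;
    *len = 0;
    while (i < n) {
        const struct rule *r = &rs[i];
        if (*len < cap)
            trace[(*len)++] = r->num;
        switch (r->act) {
        case ALLOW:
        case DENY:
            return r->act;
        case CALL:
            if (sp < STACK_DEPTH) {
                stack[sp++] = r->num;       /* save the current rule number */
                i = seek(rs, n, r->target); /* first rule numbered target or higher */
                continue;
            }
            break;                          /* assumption: full stack, skip rule */
        case RETURN:
            if (sp > 0) {
                i = seek(rs, n, stack[--sp] + 1); /* first rule above the saved number */
                continue;
            }
            break;                          /* assumption: empty stack, skip rule */
        case COUNT:
            break;
        }
        i++;
    }
    return DENY;
}

/* Constructed ruleset: rule 200 calls 500; no rule 500 exists, so processing
 * continues at 1000, and the return at 1100 resumes at 300. */
const struct rule sample[] = {
    {100, COUNT, 0}, {200, CALL, 500}, {300, ALLOW, 0},
    {1000, COUNT, 0}, {1100, RETURN, 0}, {65535, DENY, 0},
};
#define SAMPLE_LEN ((int)(sizeof sample / sizeof sample[0]))

int main(void)
{
    int trace[32], len;
    enum action v = evaluate(sample, SAMPLE_LEN, trace, 32, &len);
    for (int i = 0; i < len; i++)
        printf("%d ", trace[i]);
    printf("-> %s\n", v == ALLOW ? "allow" : "deny");
    return 0;
}
```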
FreeBSD's ipsec(4) support now uses half of the hash size as the authenticator hash size in Hashed Message Authentication Mode (HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512) as described in RFC 4868. This was a fixed 96-bit length in prior releases because the implementation was based on an old Internet draft draft-ietf-ipsec-ciph-sha-256-00. Note that this means 8.3-RELEASE and later are no longer interoperable with the older FreeBSD releases.[r221157]
A bug in the IPV6_PKTINFO option used in sendmsg(2) has been fixed. The IPV6_USE_MIN_MTU state set by setsockopt(2) was ignored.[r232560]
The FreeBSD TCP/IP network stack now supports the mod_cc(9) pluggable congestion control framework. This allows TCP congestion control algorithms to be implemented as dynamically loadable kernel modules. The following kernel modules are available as of 8.3-RELEASE: cc_chd(4) for the CAIA-Hamilton-Delay algorithm, cc_cubic(4) for the CUBIC algorithm, cc_hd(4) for the Hamilton-Delay algorithm, cc_htcp(4) for the H-TCP algorithm, cc_newreno(4) for the NewReno algorithm, and cc_vegas(4) for the Vegas algorithm. The default algorithm can be set by a new sysctl(8) variable net.inet.tcp.cc.algorithm. The value must be set to one of the names listed by net.inet.tcp.cc.available, and newreno is the default set at boot time. For more detail, see the mod_cc(4) and mod_cc(9) manual pages.[r222401, r222402, r222403, r222404, r222406, r222407, r222408, r222409, r222411, r222412, r222413, r222419, r225738]
An h_ertt(4) (Enhanced Round Trip Time) khelp(9) module has been added. This module allows per-connection, low noise estimates of the instantaneous RTT in the TCP/IP network stack with a robust implementation even in the face of delayed acknowledgments and/or TSO (TCP Segmentation Offload) being in use for a connection.[r222410]
A new tcp(4) socket option TCP_CONGESTION has been added. This allows selecting or querying the congestion control algorithm that the TCP/IP network stack will use for connections on the socket.[r222401]
The ng_ipfw(4) netgraph(4) node now supports IPv6.[r225876]
The ng_one2many(4) netgraph(4) node now supports the XMIT_FAILOVER transmit algorithm. This delivers packets out of the first active many hook.[r219660]
The ada(4) driver now supports write cache control. A new sysctl(8) variable kern.cam.ada.write_cache determines whether the write cache of ada(4) devices is enabled or not. Setting it to 1 enables the write cache, 0 disables it, and -1 leaves the device default behavior. sysctl(8) variables kern.cam.ada.N.write_cache can override the configuration on a per-device basis (the default value is -1, which means to use the global setting). Note that the value can be changed at runtime, but it takes effect only after a device reset.[r220841]
The arcmsr(4) driver has been updated to version 1.20.00.22.[r224991]
The graid(8) GEOM class has been added. This is a replacement of the ataraid(4) driver supporting various BIOS-based software RAID.[r223177]
The mxge(4) driver has been updated.[r224235]
A tws(4) driver for 3ware 9750 SATA+SAS 6Gb/s RAID controllers has been added.[r226243]
The FreeBSD Fast File System now supports the TRIM command when freeing data blocks. A new flag -t in the newfs(8) and tunefs(8) utilities sets the TRIM-enable flag for a file system. The TRIM-enable flag makes the file system send a delete request to the underlying device for each freed block. The TRIM command is specified as a Data Set Management Command in the ATA8-ACS2 standard to carry the information related to deleted data blocks to a device, especially an SSD (Solid-State Drive), for optimization.[r218079]
A new flag -E has been added to the newfs(8) and fsck_ffs(8) utilities. This clears unallocated blocks, notifying the underlying device that they are not used and that their contents may be discarded. This is useful in fsck_ffs(8) for file systems which have been mounted on systems without TRIM support, or with TRIM support disabled, as well as file systems which have been copied from one device to another.[r225296]
The FreeBSD NFS subsystem now supports a nocto mount option. This disables the close-to-open cache coherency check at open time. This option may improve performance for read-only mounts, but should be used only if the data on the server changes rarely. The mount_nfs(8) utility now also supports this flag keyword.[r221759]
A loader(8) tunable vfs.typenumhash has been added. Setting this to 1 enables the use of a hash calculation on the file system identification number internally used in the kernel. This fixes the "Stale NFS file handle" error on NFS clients when upgrading or rebuilding the kernel on the NFS server due to unexpected changes of these identification number values. Note that this is set to 0 (disable) by default for backward compatibility.[r226926]
The FreeBSD ZFS subsystem has been updated to the SPA (Storage Pool Allocator, also known as zpool) version 28. It now supports data deduplication, triple parity RAIDZ (raidz3), snapshot holds, log device removal, zfs diff, zpool split, zpool import -F, and read-only zpool import.[r222741]
The bsdtar(1) and cpio(1) utilities are now based on libarchive version 2.8.5.[r229589]
The cpuset(1) utility now supports a -C flag to create a new cpuset and assign an existing process into that set, and an all keyword in the -l cpu-list option to specify all CPUs in the system.[r218033]
A bug in the fetch(1) utility which could prevent the STAT FTP command from working properly has been fixed.[r221764]
The gpart(8) utility now supports a -p flag to the show subcommand. This allows showing providers' names of partitions instead of the partitions' indexes.[r219861]
The hastd(8) utility now drops root privileges of the worker processes to the hast user.[r220104]
The hastd(8) utility now supports a checksum keyword to specify the checksum algorithm in a resource section. As of 8.3-RELEASE, none, sha256, and crc32 are supported.[r220104]
The hastd(8) utility now supports a compression keyword to specify the compression algorithm in a resource section. As of 8.3-RELEASE, none, hole and lzf are supported.[r220104]
The hastd(8) utility now supports a source keyword to specify the local address to bind to before connecting the remote hastd(8) daemon.[r220104]
A readline(3) API set has been imported into libedit. This is based on NetBSD's implementation and BSD licensed utilities now use it instead of GNU libreadline.[r220612]
The makefs(8) utility now supports the ISO 9660 format.[r224447]
libmd and libcrypt now support the SHA-256 and SHA-512 algorithms.[r231588]
The netstat(1) utility now does not expose the internal scope address representation used in the FreeBSD kernel, which is derived from KAME IPv6 stack, in the results of netstat -ani and netstat -nr.[r219062]
The newsyslog(8) utility now supports xz(1) compression. An X flag in the optional field has been added to specify the compression.[r218911]
A poweroff(8) utility has been added. This is equivalent to:[r224259]
# shutdown -p now
The ppp(8) utility now supports iface name name and iface description description commands. These have the same functionalities as the name and description subcommands of the ifconfig(8) utility.[r224285]
The ps(1) utility now supports -o usertime and -o systime options to display accumulated user and system CPU time, respectively.[r219943]
The rtadvd(8) daemon now supports a noifprefix keyword to disable gathering on-link prefixes from interfaces when no addr keyword is specified. An entry in /etc/rtadvd.conf with noifprefix and no addr generates an RA message with no prefix information option.[r231802]
The rtadvd(8) daemon now supports the RDNSS and DNSSL options described in RFC 6106, IPv6 Router Advertisement Options for DNS Configuration. A rtadvctl(8) utility to control the rtadvd(8) daemon has been added.[r231802]
A bug in the tftpd(8) daemon has been fixed. It had an interoperability issue when transferring a large file.[r227083]
The zpool(8) utility now supports a zpool labelclear command. This allows wiping the label data from a drive that is not active in a pool.[r229570]
awk has been updated to the 7 August 2011 release.
ISC BIND has been updated to version 9.6-ESV-R5-P1.
The netcat utility has been updated to version 4.9.
GNU GCC and libstdc++ have been updated to rev 127959 of gcc-4_2-branch (the last GPLv2-licensed version).[r221274]
The LESS program has been updated to version v444.[r223454]
The OpenSSH utility has been updated to 5.4p1, and optimization for large bandwidth-delay product connections and none cipher support have been merged.[r228152]
sendmail has been updated to version 8.14.5.[r223315]
The timezone database has been updated to the tzdata2011n release.[r226977]
The unifdef(1) utility has been updated to version 2.5.6.
The xz program has been updated from 5.0.0 to 5.0.1.[r219219]
The supported version of the KDE desktop environment (x11/kde4) has been updated from 4.5.5 to 4.7.4.
[amd64, i386] Upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernel distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded has Internet connectivity.
An older form of binary upgrade is supported through the Upgrade option from the main sysinstall(8) menu on CDROM distribution media. This type of binary upgrade may be useful on non-i386, non-amd64 machines or on systems with no Internet connectivity.
Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING.
Important: Upgrading FreeBSD should, of course, only be attempted after backing up all data and configuration files.
This file, and other release-related documents, can be downloaded from ftp://ftp.FreeBSD.org/.
For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.
For questions about this documentation, e-mail <doc@FreeBSD.org>.