1Updating Information for FreeBSD current users. 2 3This file is maintained and copyrighted by M. Warner Losh <imp@freebsd.org>. 4See end of file for further details. For commonly done items, please see the 5COMMON ITEMS: section later in the file. These instructions assume that you 6basically know what you are doing. If not, then please consult the FreeBSD 7handbook: 8 9 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html 10 11Items affecting the ports and packages system can be found in 12/usr/ports/UPDATING. Please read that file before running portupgrade. 13 14NOTE: FreeBSD has switched from gcc to clang. If you have trouble bootstrapping 15from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to 16the tip of head, and then rebuild without this option. The bootstrap process 17from older version of current across the gcc/clang cutover is a bit fragile. 18 1920171129 p16 FreeBSD-SA-17:11.openssl 20 21 Fix multiple vulnerabilities of OpenSSL. 22 2320171115 p15 FreeBSD-SA-17:08.ptrace 24 FreeBSD-SA-17:10.kldstat 25 26 Fix ptrace(2) vulnerability. [SA-17:08.ptrace] 27 28 Fix kldstat(2) vulnerability. [SA-17:10.kldstat] 29 3020171102 p14 FreeBSD-EN-17:09.tzdata 31 32 Update timezone database information. [EN-17:09] 33 3420171017 p13 FreeBSD-SA-17:07.wpa 35 36 Fix WPA2 protocol vulnerability. [SA-17:07] 37 3820170810 p12 FreeBSD-SA-17:06.openssh 39 FreeBSD-EN-17:07.vnet 40 41 Fix OpenSSH Denial of Service vulnerability. [SA-17:06] 42 43 Fix VNET kernel panic with asynchronous I/O. [EN-17:07] 44 4520170712 p11 FreeBSD-SA-17:05.heimdal 46 47 Fix heimdal KDC-REP service name validation vulnerability. 48 4920170427 p10 FreeBSD-SA-17:04.ipfilter 50 51 Fix ipfilter(4) fragment handling panic. [SA-17:04] 52 5320170412 p9 FreeBSD-SA-17:03.ntp 54 FreeBSD-EN-17:05.xen 55 56 Fix multiple vulnerabilities of ntp. [SA-17:03] 57 58 Xen migration enhancements. [EN-17:05] 59 6020170223 p8 FreeBSD-SA-17:02.openssl 61 FreeBSD-EN-17:01.pcie 62 FreeBSD-EN-17:02.yp 63 FreeBSD-EN-17:03.hyperv 64 FreeBSD-EN-17:04.mandoc 65 66 Fix multiple vulnerabilities of OpenSSL. [SA-17:02] 67 68 Fix system hang when booting when PCI-express HotPlug is enabled. 69 [EN-17:01] 70 71 Fix NIS master updates are not pushed to NIS slave. [EN-17:02] 72 73 Fix compatibility with Hyper-V/storage after KB3172614 or 74 KB3179574. [EN-17:03] 75 76 Make makewhatis output reproducible. [EN-17:04] 77 7820170111 p7 FreeBSD-SA-17:01.openssh 79 80 Fix multiple vulnerabilities of OpenSSH. 81 8220161222 p6 FreeBSD-SA-16:39.ntp 83 84 Fix multiple vulnerabilities of ntp. 85 8620161208 p5 FreeBSD-SA-16:37.libc [revised] 87 88 Fix regressions introduced by SA-16:37.libc. 89 9020161206 p4 FreeBSD-SA-16:36.telnetd 91 FreeBSD-SA-16:37.libc 92 FreeBSD-SA-16:38.bhyve 93 FreeBSD-EN-16:19.tzcode 94 FreeBSD-EN-16:20.tzdata 95 FreeBSD-EN-16:21.localedef 96 97 Fix possible login(1) argument injection in telnetd(8). [SA-16:36] 98 Fix link_ntoa(3) buffer overflow in libc. [SA-16:37] 99 Fix possible escape from bhyve(8) virtual machine. [SA-16:38] 100 Fix warnings about valid time zone abbreviations. [EN-16:19] 101 Update timezone database information. [EN-16:20] 102 Fix incorrectly defined unicode character(s). [EN-16:21] 103 10420161102 p3 FreeBSD-SA-16:33.openssh 105 106 Fix Fix OpenSSH remote Denial of Service vulnerability. 107 10820161025 p2 FreeBSD-SA-16:15.sysarch [revised] 109 FreeBSD-SA-16:32.bhyve 110 111 Fix incorrect argument validation in sysarch(2). [SA-16:15] 112 Fix access to host memory from guest in bhyve(8). [SA-16:32] 113 11420160928: 115 11.0-RELEASE. 116 11720160622: 118 The libc stub for the pipe(2) system call has been replaced with 119 a wrapper that calls the pipe2(2) system call and the pipe(2) 120 system call is now only implemented by the kernels that include 121 "options COMPAT_FREEBSD10" in their config file (this is the 122 default). Users should ensure that this option is enabled in 123 their kernel or upgrade userspace to r302092 before upgrading their 124 kernel. 125 12620160527: 127 CAM will now strip leading spaces from SCSI disks' serial numbers. 128 This will effect users who create UFS filesystems on SCSI disks using 129 those disk's diskid device nodes. For example, if /etc/fstab 130 previously contained a line like 131 "/dev/diskid/DISK-%20%20%20%20%20%20%20ABCDEFG0123456", you should 132 change it to "/dev/diskid/DISK-ABCDEFG0123456". Users of geom 133 transforms like gmirror may also be affected. ZFS users should 134 generally be fine. 135 13620160523: 137 The bitstring(3) API has been updated with new functionality and 138 improved performance. But it is binary-incompatible with the old API. 139 Objects built with the new headers may not be linked against objects 140 built with the old headers. 141 14220160520: 143 The brk and sbrk functions have been removed from libc on arm64. 144 Binutils from ports has been updated to not link to these 145 functions and should be updated to the latest version before 146 installing a new libc. 147 14820160517: 149 The armv6 port now defaults to hard float ABI. Limited support 150 for running both hardfloat and soft float on the same system 151 is available using the libraries installed with -DWITH_LIBSOFT. 152 This has only been tested as an upgrade path for installworld 153 and packages may fail or need manual intervention to run. New 154 packages will be needed. 155 156 To update an existing self-hosted armv6hf system, you must add 157 TARGET_ARCH=armv6 on the make command line for both the build 158 and the install steps. 159 16020160510: 161 Kernel modules compiled outside of a kernel build now default to 162 installing to /boot/modules instead of /boot/kernel. Many kernel 163 modules built this way (such as those in ports) already overrode 164 KMODDIR explicitly to install into /boot/modules. However, 165 manually building and installing a module from /sys/modules will 166 now install to /boot/modules instead of /boot/kernel. 167 16820160414: 169 The CAM I/O scheduler has been committed to the kernel. There should be 170 no user visible impact. This does enable NCQ Trim on ada SSDs. While the 171 list of known rogues that claim support for this but actually corrupt 172 data is believed to be complete, be on the lookout for data 173 corruption. The known rogue list is believed to be complete: 174 175 o Crucial MX100, M550 drives with MU01 firmware. 176 o Micron M510 and M550 drives with MU01 firmware. 177 o Micron M500 prior to MU07 firmware 178 o Samsung 830, 840, and 850 all firmwares 179 o FCCT M500 all firmwares 180 181 Crucial has firmware http://www.crucial.com/usa/en/support-ssd-firmware 182 with working NCQ TRIM. For Micron branded drives, see your sales rep for 183 updated firmware. Black listed drives will work correctly because these 184 drives work correctly so long as no NCQ TRIMs are sent to them. Given 185 this list is the same as found in Linux, it's believed there are no 186 other rogues in the market place. All other models from the above 187 vendors work. 188 189 To be safe, if you are at all concerned, you can quirk each of your 190 drives to prevent NCQ from being sent by setting: 191 kern.cam.ada.X.quirks="0x2" 192 in loader.conf. If the drive requires the 4k sector quirk, set the 193 quirks entry to 0x3. 194 19520160330: 196 The FAST_DEPEND build option has been removed and its functionality is 197 now the one true way. The old mkdep(1) style of 'make depend' has 198 been removed. See 20160311 for further details. 199 20020160317: 201 Resource range types have grown from unsigned long to uintmax_t. All 202 drivers, and anything using libdevinfo, need to be recompiled. 203 20420160311: 205 WITH_FAST_DEPEND is now enabled by default for in-tree and out-of-tree 206 builds. It no longer runs mkdep(1) during 'make depend', and the 207 'make depend' stage can safely be skipped now as it is auto ran 208 when building 'make all' and will generate all SRCS and DPSRCS before 209 building anything else. Dependencies are gathered at compile time with 210 -MF flags kept in separate .depend files per object file. Users should 211 run 'make cleandepend' once if using -DNO_CLEAN to clean out older 212 stale .depend files. 213 21420160306: 215 On amd64, clang 3.8.0 can now insert sections of type AMD64_UNWIND into 216 kernel modules. Therefore, if you load any kernel modules at boot time, 217 please install the boot loaders after you install the kernel, but before 218 rebooting, e.g.: 219 220 make buildworld 221 make kernel KERNCONF=YOUR_KERNEL_HERE 222 make -C sys/boot install 223 <reboot in single user> 224 225 Then follow the usual steps, described in the General Notes section, 226 below. 227 22820160305: 229 Clang, llvm, lldb and compiler-rt have been upgraded to 3.8.0. Please 230 see the 20141231 entry below for information about prerequisites and 231 upgrading, if you are not already using clang 3.5.0 or higher. 232 23320160301: 234 The AIO subsystem is now a standard part of the kernel. The 235 VFS_AIO kernel option and aio.ko kernel module have been removed. 236 Due to stability concerns, asynchronous I/O requests are only 237 permitted on sockets and raw disks by default. To enable 238 asynchronous I/O requests on all file types, set the 239 vfs.aio.enable_unsafe sysctl to a non-zero value. 240 24120160226: 242 The ELF object manipulation tool objcopy is now provided by the 243 ELF Tool Chain project rather than by GNU binutils. It should be a 244 drop-in replacement, with the addition of arm64 support. The 245 (temporary) src.conf knob WITHOUT_ELFCOPY_AS_OBJCOPY knob may be set 246 to obtain the GNU version if necessary. 247 24820160129: 249 Building ZFS pools on top of zvols is prohibited by default. That 250 feature has never worked safely; it's always been prone to deadlocks. 251 Using a zvol as the backing store for a VM guest's virtual disk will 252 still work, even if the guest is using ZFS. Legacy behavior can be 253 restored by setting vfs.zfs.vol.recursive=1. 254 25520160119: 256 The NONE and HPN patches has been removed from OpenSSH. They are 257 still available in the security/openssh-portable port. 258 25920160113: 260 With the addition of ypldap(8), a new _ypldap user is now required 261 during installworld. "mergemaster -p" can be used to add the user 262 prior to installworld, as documented in the handbook. 263 26420151216: 265 The tftp loader (pxeboot) now uses the option root-path directive. As a 266 consequence it no longer looks for a pxeboot.4th file on the tftp 267 server. Instead it uses the regular /boot infrastructure as with the 268 other loaders. 269 27020151211: 271 The code to start recording plug and play data into the modules has 272 been committed. While the old tools will properly build a new kernel, 273 a number of warnings about "unknown metadata record 4" will be produced 274 for an older kldxref. To avoid such warnings, make sure to rebuild 275 the kernel toolchain (or world). Make sure that you have r292078 or 276 later when trying to build 292077 or later before rebuilding. 277 27820151207: 279 Debug data files are now built by default with 'make buildworld' and 280 installed with 'make installworld'. This facilitates debugging but 281 requires more disk space both during the build and for the installed 282 world. Debug files may be disabled by setting WITHOUT_DEBUG_FILES=yes 283 in src.conf(5). 284 28520151130: 286 r291527 changed the internal interface between the nfsd.ko and 287 nfscommon.ko modules. As such, they must both be upgraded to-gether. 288 __FreeBSD_version has been bumped because of this. 289 29020151108: 291 Add support for unicode collation strings leads to a change of 292 order of files listed by ls(1) for example. To get back to the old 293 behaviour, set LC_COLLATE environment variable to "C". 294 295 Databases administrators will need to reindex their databases given 296 collation results will be different. 297 298 Due to a bug in install(1) it is recommended to remove the ancient 299 locales before running make installworld. 300 301 rm -rf /usr/share/locale/* 302 30320151030: 304 The OpenSSL has been upgraded to 1.0.2d. Any binaries requiring 305 libcrypto.so.7 or libssl.so.7 must be recompiled. 306 30720151020: 308 Qlogic 24xx/25xx firmware images were updated from 5.5.0 to 7.3.0. 309 Kernel modules isp_2400_multi and isp_2500_multi were removed and 310 should be replaced with isp_2400 and isp_2500 modules respectively. 311 31220151017: 313 The build previously allowed using 'make -n' to not recurse into 314 sub-directories while showing what commands would be executed, and 315 'make -n -n' to recursively show commands. Now 'make -n' will recurse 316 and 'make -N' will not. 317 31820151012: 319 If you specify SENDMAIL_MC or SENDMAIL_CF in make.conf, mergemaster 320 and etcupdate will now use this file. A custom sendmail.cf is now 321 updated via this mechanism rather than via installworld. If you had 322 excluded sendmail.cf in mergemaster.rc or etcupdate.conf, you may 323 want to remove the exclusion or change it to "always install". 324 /etc/mail/sendmail.cf is now managed the same way regardless of 325 whether SENDMAIL_MC/SENDMAIL_CF is used. If you are not using 326 SENDMAIL_MC/SENDMAIL_CF there should be no change in behavior. 327 32820151011: 329 Compatibility shims for legacy ATA device names have been removed. 330 It includes ATA_STATIC_ID kernel option, kern.cam.ada.legacy_aliases 331 and kern.geom.raid.legacy_aliases loader tunables, kern.devalias.* 332 environment variables, /dev/ad* and /dev/ar* symbolic links. 333 33420151006: 335 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.7.0. 336 Please see the 20141231 entry below for information about prerequisites 337 and upgrading, if you are not already using clang 3.5.0 or higher. 338 33920150924: 340 Kernel debug files have been moved to /usr/lib/debug/boot/kernel/, 341 and renamed from .symbols to .debug. This reduces the size requirements 342 on the boot partition or file system and provides consistency with 343 userland debug files. 344 345 When using the supported kernel installation method the 346 /usr/lib/debug/boot/kernel directory will be renamed (to kernel.old) 347 as is done with /boot/kernel. 348 349 Developers wishing to maintain the historical behavior of installing 350 debug files in /boot/kernel/ can set KERN_DEBUGDIR="" in src.conf(5). 351 35220150827: 353 The wireless drivers had undergone changes that remove the 'parent 354 interface' from the ifconfig -l output. The rc.d network scripts 355 used to check presence of a parent interface in the list, so old 356 scripts would fail to start wireless networking. Thus, etcupdate(3) 357 or mergemaster(8) run is required after kernel update, to update your 358 rc.d scripts in /etc. 359 36020150827: 361 pf no longer supports 'scrub fragment crop' or 'scrub fragment drop-ovl' 362 These configurations are now automatically interpreted as 363 'scrub fragment reassemble'. 364 36520150817: 366 Kernel-loadable modules for the random(4) device are back. To use 367 them, the kernel must have 368 369 device random 370 options RANDOM_LOADABLE 371 372 kldload(8) can then be used to load random_fortuna.ko 373 or random_yarrow.ko. Please note that due to the indirect 374 function calls that the loadable modules need to provide, 375 the build-in variants will be slightly more efficient. 376 377 The random(4) kernel option RANDOM_DUMMY has been retired due to 378 unpopularity. It was not all that useful anyway. 379 38020150813: 381 The WITHOUT_ELFTOOLCHAIN_TOOLS src.conf(5) knob has been retired. 382 Control over building the ELF Tool Chain tools is now provided by 383 the WITHOUT_TOOLCHAIN knob. 384 38520150810: 386 The polarity of Pulse Per Second (PPS) capture events with the 387 uart(4) driver has been corrected. Prior to this change the PPS 388 "assert" event corresponded to the trailing edge of a positive PPS 389 pulse and the "clear" event was the leading edge of the next pulse. 390 391 As the width of a PPS pulse in a typical GPS receiver is on the 392 order of 1 millisecond, most users will not notice any significant 393 difference with this change. 394 395 Anyone who has compensated for the historical polarity reversal by 396 configuring a negative offset equal to the pulse width will need to 397 remove that workaround. 398 39920150809: 400 The default group assigned to /dev/dri entries has been changed 401 from 'wheel' to 'video' with the id of '44'. If you want to have 402 access to the dri devices please add yourself to the video group 403 with: 404 405 # pw groupmod video -m $USER 406 40720150806: 408 The menu.rc and loader.rc files will now be replaced during 409 upgrades. Please migrate local changes to menu.rc.local and 410 loader.rc.local instead. 411 41220150805: 413 GNU Binutils versions of addr2line, c++filt, nm, readelf, size, 414 strings and strip have been removed. The src.conf(5) knob 415 WITHOUT_ELFTOOLCHAIN_TOOLS no longer provides the binutils tools. 416 41720150728: 418 As ZFS requires more kernel stack pages than is the default on some 419 architectures e.g. i386, it now warns if KSTACK_PAGES is less than 420 ZFS_MIN_KSTACK_PAGES (which is 4 at the time of writing). 421 422 Please consider using 'options KSTACK_PAGES=X' where X is greater 423 than or equal to ZFS_MIN_KSTACK_PAGES i.e. 4 in such configurations. 424 42520150706: 426 sendmail has been updated to 8.15.2. Starting with FreeBSD 11.0 427 and sendmail 8.15, sendmail uses uncompressed IPv6 addresses by 428 default, i.e., they will not contain "::". For example, instead 429 of ::1, it will be 0:0:0:0:0:0:0:1. This permits a zero subnet 430 to have a more specific match, such as different map entries for 431 IPv6:0:0 vs IPv6:0. This change requires that configuration 432 data (including maps, files, classes, custom ruleset, etc.) must 433 use the same format, so make certain such configuration data is 434 upgrading. As a very simple check search for patterns like 435 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. To return to the old 436 behavior, set the m4 option confUSE_COMPRESSED_IPV6_ADDRESSES or 437 the cf option UseCompressedIPv6Addresses. 438 43920150630: 440 The default kernel entropy-processing algorithm is now 441 Fortuna, replacing Yarrow. 442 443 Assuming you have 'device random' in your kernel config 444 file, the configurations allow a kernel option to override 445 this default. You may choose *ONE* of: 446 447 options RANDOM_YARROW # Legacy /dev/random algorithm. 448 options RANDOM_DUMMY # Blocking-only driver. 449 450 If you have neither, you get Fortuna. For most people, 451 read no further, Fortuna will give a /dev/random that works 452 like it always used to, and the difference will be irrelevant. 453 454 If you remove 'device random', you get *NO* kernel-processed 455 entropy at all. This may be acceptable to folks building 456 embedded systems, but has complications. Carry on reading, 457 and it is assumed you know what you need. 458 459 *PLEASE* read random(4) and random(9) if you are in the 460 habit of tweaking kernel configs, and/or if you are a member 461 of the embedded community, wanting specific and not-usual 462 behaviour from your security subsystems. 463 464 NOTE!! If you use RANDOM_DUMMY and/or have no 'device 465 random', you will NOT have a functioning /dev/random, and 466 many cryptographic features will not work, including SSH. 467 You may also find strange behaviour from the random(3) set 468 of library functions, in particular sranddev(3), srandomdev(3) 469 and arc4random(3). The reason for this is that the KERN_ARND 470 sysctl only returns entropy if it thinks it has some to 471 share, and with RANDOM_DUMMY or no 'device random' this 472 will never happen. 473 47420150623: 475 An additional fix for the issue described in the 20150614 sendmail 476 entry below has been been committed in revision 284717. 477 47820150616: 479 FreeBSD's old make (fmake) has been removed from the system. It is 480 available as the devel/fmake port or via pkg install fmake. 481 48220150615: 483 The fix for the issue described in the 20150614 sendmail entry 484 below has been been committed in revision 284436. The work 485 around described in that entry is no longer needed unless the 486 default setting is overridden by a confDH_PARAMETERS configuration 487 setting of '5' or pointing to a 512 bit DH parameter file. 488 48920150614: 490 ALLOW_DEPRECATED_ATF_TOOLS/ATFFILE support has been removed from 491 atf.test.mk (included from bsd.test.mk). Please upgrade devel/atf 492 and devel/kyua to version 0.20+ and adjust any calling code to work 493 with Kyuafile and kyua. 494 49520150614: 496 The import of openssl to address the FreeBSD-SA-15:10.openssl 497 security advisory includes a change which rejects handshakes 498 with DH parameters below 768 bits. sendmail releases prior 499 to 8.15.2 (not yet released), defaulted to a 512 bit 500 DH parameter setting for client connections. To work around 501 this interoperability, sendmail can be configured to use a 502 2048 bit DH parameter by: 503 504 1. Edit /etc/mail/`hostname`.mc 505 2. If a setting for confDH_PARAMETERS does not exist or 506 exists and is set to a string beginning with '5', 507 replace it with '2'. 508 3. If a setting for confDH_PARAMETERS exists and is set to 509 a file path, create a new file with: 510 openssl dhparam -out /path/to/file 2048 511 4. Rebuild the .cf file: 512 cd /etc/mail/; make; make install 513 5. Restart sendmail: 514 cd /etc/mail/; make restart 515 516 A sendmail patch is coming, at which time this file will be 517 updated. 518 51920150604: 520 Generation of legacy formatted entries have been disabled by default 521 in pwd_mkdb(8), as all base system consumers of the legacy formatted 522 entries were converted to use the new format by default when the new, 523 machine independent format have been added and supported since FreeBSD 524 5.x. 525 526 Please see the pwd_mkdb(8) manual page for further details. 527 52820150525: 529 Clang and llvm have been upgraded to 3.6.1 release. Please see the 530 20141231 entry below for information about prerequisites and upgrading, 531 if you are not already using 3.5.0 or higher. 532 53320150521: 534 TI platform code switched to using vendor DTS files and this update 535 may break existing systems running on Beaglebone, Beaglebone Black, 536 and Pandaboard: 537 538 - dtb files should be regenerated/reinstalled. Filenames are the 539 same but content is different now 540 - GPIO addressing was changed, now each GPIO bank (32 pins per bank) 541 has its own /dev/gpiocX device, e.g. pin 121 on /dev/gpioc0 in old 542 addressing scheme is now pin 25 on /dev/gpioc3. 543 - Pandaboard: /etc/ttys should be updated, serial console device is 544 now /dev/ttyu2, not /dev/ttyu0 545 54620150501: 547 soelim(1) from gnu/usr.bin/groff has been replaced by usr.bin/soelim. 548 If you need the GNU extension from groff soelim(1), install groff 549 from package: pkg install groff, or via ports: textproc/groff. 550 55120150423: 552 chmod, chflags, chown and chgrp now affect symlinks in -R mode as 553 defined in symlink(7); previously symlinks were silently ignored. 554 55520150415: 556 The const qualifier has been removed from iconv(3) to comply with 557 POSIX. The ports tree is aware of this from r384038 onwards. 558 55920150416: 560 Libraries specified by LIBADD in Makefiles must have a corresponding 561 DPADD_<lib> variable to ensure correct dependencies. This is now 562 enforced in src.libnames.mk. 563 56420150324: 565 From legacy ata(4) driver was removed support for SATA controllers 566 supported by more functional drivers ahci(4), siis(4) and mvs(4). 567 Kernel modules ataahci and ataadaptec were removed completely, 568 replaced by ahci and mvs modules respectively. 569 57020150315: 571 Clang, llvm and lldb have been upgraded to 3.6.0 release. Please see 572 the 20141231 entry below for information about prerequisites and 573 upgrading, if you are not already using 3.5.0 or higher. 574 57520150307: 576 The 32-bit PowerPC kernel has been changed to a position-independent 577 executable. This can only be booted with a version of loader(8) 578 newer than January 31, 2015, so make sure to update both world and 579 kernel before rebooting. 580 58120150217: 582 If you are running a -CURRENT kernel since r273872 (Oct 30th, 2014), 583 but before r278950, the RNG was not seeded properly. Immediately 584 upgrade the kernel to r278950 or later and regenerate any keys (e.g. 585 ssh keys or openssl keys) that were generated w/ a kernel from that 586 range. This does not affect programs that directly used /dev/random 587 or /dev/urandom. All userland uses of arc4random(3) are affected. 588 58920150210: 590 The autofs(4) ABI was changed in order to restore binary compatibility 591 with 10.1-RELEASE. The automountd(8) daemon needs to be rebuilt to work 592 with the new kernel. 593 59420150131: 595 The powerpc64 kernel has been changed to a position-independent 596 executable. This can only be booted with a new version of loader(8), 597 so make sure to update both world and kernel before rebooting. 598 59920150118: 600 Clang and llvm have been upgraded to 3.5.1 release. This is a bugfix 601 only release, no new features have been added. Please see the 20141231 602 entry below for information about prerequisites and upgrading, if you 603 are not already using 3.5.0. 604 60520150107: 606 ELF tools addr2line, elfcopy (strip), nm, size, and strings are now 607 taken from the ELF Tool Chain project rather than GNU binutils. They 608 should be drop-in replacements, with the addition of arm64 support. 609 The WITHOUT_ELFTOOLCHAIN_TOOLS= knob may be used to obtain the 610 binutils tools, if necessary. See 20150805 for updated information. 611 61220150105: 613 The default Unbound configuration now enables remote control 614 using a local socket. Users who have already enabled the 615 local_unbound service should regenerate their configuration 616 by running "service local_unbound setup" as root. 617 61820150102: 619 The GNU texinfo and GNU info pages have been removed. 620 To be able to view GNU info pages please install texinfo from ports. 621 62220141231: 623 Clang, llvm and lldb have been upgraded to 3.5.0 release. 624 625 As of this release, a prerequisite for building clang, llvm and lldb is 626 a C++11 capable compiler and C++11 standard library. This means that to 627 be able to successfully build the cross-tools stage of buildworld, with 628 clang as the bootstrap compiler, your system compiler or cross compiler 629 should either be clang 3.3 or later, or gcc 4.8 or later, and your 630 system C++ library should be libc++, or libdstdc++ from gcc 4.8 or 631 later. 632 633 On any standard FreeBSD 10.x or 11.x installation, where clang and 634 libc++ are on by default (that is, on x86 or arm), this should work out 635 of the box. 636 637 On 9.x installations where clang is enabled by default, e.g. on x86 and 638 powerpc, libc++ will not be enabled by default, so libc++ should be 639 built (with clang) and installed first. If both clang and libc++ are 640 missing, build clang first, then use it to build libc++. 641 642 On 8.x and earlier installations, upgrade to 9.x first, and then follow 643 the instructions for 9.x above. 644 645 Sparc64 and mips users are unaffected, as they still use gcc 4.2.1 by 646 default, and do not build clang. 647 648 Many embedded systems are resource constrained, and will not be able to 649 build clang in a reasonable time, or in some cases at all. In those 650 cases, cross building bootable systems on amd64 is a workaround. 651 652 This new version of clang introduces a number of new warnings, of which 653 the following are most likely to appear: 654 655 -Wabsolute-value 656 657 This warns in two cases, for both C and C++: 658 * When the code is trying to take the absolute value of an unsigned 659 quantity, which is effectively a no-op, and almost never what was 660 intended. The code should be fixed, if at all possible. If you are 661 sure that the unsigned quantity can be safely cast to signed, without 662 loss of information or undefined behavior, you can add an explicit 663 cast, or disable the warning. 664 665 * When the code is trying to take an absolute value, but the called 666 abs() variant is for the wrong type, which can lead to truncation. 667 If you want to disable the warning instead of fixing the code, please 668 make sure that truncation will not occur, or it might lead to unwanted 669 side-effects. 670 671 -Wtautological-undefined-compare and 672 -Wundefined-bool-conversion 673 674 These warn when C++ code is trying to compare 'this' against NULL, while 675 'this' should never be NULL in well-defined C++ code. However, there is 676 some legacy (pre C++11) code out there, which actively abuses this 677 feature, which was less strictly defined in previous C++ versions. 678 679 Squid and openjdk do this, for example. The warning can be turned off 680 for C++98 and earlier, but compiling the code in C++11 mode might result 681 in unexpected behavior; for example, the parts of the program that are 682 unreachable could be optimized away. 683 68420141222: 685 The old NFS client and server (kernel options NFSCLIENT, NFSSERVER) 686 kernel sources have been removed. The .h files remain, since some 687 utilities include them. This will need to be fixed later. 688 If "mount -t oldnfs ..." is attempted, it will fail. 689 If the "-o" option on mountd(8), nfsd(8) or nfsstat(1) is used, 690 the utilities will report errors. 691 69220141121: 693 The handling of LOCAL_LIB_DIRS has been altered to skip addition of 694 directories to top level SUBDIR variable when their parent 695 directory is included in LOCAL_DIRS. Users with build systems with 696 such hierarchies and without SUBDIR entries in the parent 697 directory Makefiles should add them or add the directories to 698 LOCAL_DIRS. 699 70020141109: 701 faith(4) and faithd(8) have been removed from the base system. Faith 702 has been obsolete for a very long time. 703 70420141104: 705 vt(4), the new console driver, is enabled by default. It brings 706 support for Unicode and double-width characters, as well as 707 support for UEFI and integration with the KMS kernel video 708 drivers. 709 710 You may need to update your console settings in /etc/rc.conf, 711 most probably the keymap. During boot, /etc/rc.d/syscons will 712 indicate what you need to do. 713 714 vt(4) still has issues and lacks some features compared to 715 syscons(4). See the wiki for up-to-date information: 716 https://wiki.freebsd.org/Newcons 717 718 If you want to keep using syscons(4), you can do so by adding 719 the following line to /boot/loader.conf: 720 kern.vty=sc 721 72220141102: 723 pjdfstest has been integrated into kyua as an opt-in test suite. 724 Please see share/doc/pjdfstest/README for more details on how to 725 execute it. 726 72720141009: 728 gperf has been removed from the base system for architectures 729 that use clang. Ports that require gperf will obtain it from the 730 devel/gperf port. 731 73220140923: 733 pjdfstest has been moved from tools/regression/pjdfstest to 734 contrib/pjdfstest . 735 73620140922: 737 At svn r271982, The default linux compat kernel ABI has been adjusted 738 to 2.6.18 in support of the linux-c6 compat ports infrastructure 739 update. If you wish to continue using the linux-f10 compat ports, 740 add compat.linux.osrelease=2.6.16 to your local sysctl.conf. Users are 741 encouraged to update their linux-compat packages to linux-c6 during 742 their next update cycle. 743 74420140729: 745 The ofwfb driver, used to provide a graphics console on PowerPC when 746 using vt(4), no longer allows mmap() of all physical memory. This 747 will prevent Xorg on PowerPC with some ATI graphics cards from 748 initializing properly unless x11-servers/xorg-server is updated to 749 1.12.4_8 or newer. 750 75120140723: 752 The xdev targets have been converted to using TARGET and 753 TARGET_ARCH instead of XDEV and XDEV_ARCH. 754 75520140719: 756 The default unbound configuration has been modified to address 757 issues with reverse lookups on networks that use private 758 address ranges. If you use the local_unbound service, run 759 "service local_unbound setup" as root to regenerate your 760 configuration, then "service local_unbound reload" to load the 761 new configuration. 762 76320140709: 764 The GNU texinfo and GNU info pages are not built and installed 765 anymore, WITH_INFO knob has been added to allow to built and install 766 them again. 767 UPDATE: see 20150102 entry on texinfo's removal 768 76920140708: 770 The GNU readline library is now an INTERNALLIB - that is, it is 771 statically linked into consumers (GDB and variants) in the base 772 system, and the shared library is no longer installed. The 773 devel/readline port is available for third party software that 774 requires readline. 775 77620140702: 777 The Itanium architecture (ia64) has been removed from the list of 778 known architectures. This is the first step in the removal of the 779 architecture. 780 78120140701: 782 Commit r268115 has added NFSv4.1 server support, merged from 783 projects/nfsv4.1-server. Since this includes changes to the 784 internal interfaces between the NFS related modules, a full 785 build of the kernel and modules will be necessary. 786 __FreeBSD_version has been bumped. 787 78820140629: 789 The WITHOUT_VT_SUPPORT kernel config knob has been renamed 790 WITHOUT_VT. (The other _SUPPORT knobs have a consistent meaning 791 which differs from the behaviour controlled by this knob.) 792 79320140619: 794 Maximal length of the serial number in CTL was increased from 16 to 795 64 chars, that breaks ABI. All CTL-related tools, such as ctladm 796 and ctld, need to be rebuilt to work with a new kernel. 797 79820140606: 799 The libatf-c and libatf-c++ major versions were downgraded to 0 and 800 1 respectively to match the upstream numbers. They were out of 801 sync because, when they were originally added to FreeBSD, the 802 upstream versions were not respected. These libraries are private 803 and not yet built by default, so renumbering them should be a 804 non-issue. However, unclean source trees will yield broken test 805 programs once the operator executes "make delete-old-libs" after a 806 "make installworld". 807 808 Additionally, the atf-sh binary was made private by moving it into 809 /usr/libexec/. Already-built shell test programs will keep the 810 path to the old binary so they will break after "make delete-old" 811 is run. 812 813 If you are using WITH_TESTS=yes (not the default), wipe the object 814 tree and rebuild from scratch to prevent spurious test failures. 815 This is only needed once: the misnumbered libraries and misplaced 816 binaries have been added to OptionalObsoleteFiles.inc so they will 817 be removed during a clean upgrade. 818 81920140512: 820 Clang and llvm have been upgraded to 3.4.1 release. 821 82220140508: 823 We bogusly installed src.opts.mk in /usr/share/mk. This file should 824 be removed to avoid issues in the future (and has been added to 825 ObsoleteFiles.inc). 826 82720140505: 828 /etc/src.conf now affects only builds of the FreeBSD src tree. In the 829 past, it affected all builds that used the bsd.*.mk files. The old 830 behavior was a bug, but people may have relied upon it. To get this 831 behavior back, you can .include /etc/src.conf from /etc/make.conf 832 (which is still global and isn't changed). This also changes the 833 behavior of incremental builds inside the tree of individual 834 directories. Set MAKESYSPATH to ".../share/mk" to do that. 835 Although this has survived make universe and some upgrade scenarios, 836 other upgrade scenarios may have broken. At least one form of 837 temporary breakage was fixed with MAKESYSPATH settings for buildworld 838 as well... In cases where MAKESYSPATH isn't working with this 839 setting, you'll need to set it to the full path to your tree. 840 841 One side effect of all this cleaning up is that bsd.compiler.mk 842 is no longer implicitly included by bsd.own.mk. If you wish to 843 use COMPILER_TYPE, you must now explicitly include bsd.compiler.mk 844 as well. 845 84620140430: 847 The lindev device has been removed since /dev/full has been made a 848 standard device. __FreeBSD_version has been bumped. 849 85020140424: 851 The knob WITHOUT_VI was added to the base system, which controls 852 building ex(1), vi(1), etc. Older releases of FreeBSD required ex(1) 853 in order to reorder files share/termcap and didn't build ex(1) as a 854 build tool, so building/installing with WITH_VI is highly advised for 855 build hosts for older releases. 856 857 This issue has been fixed in stable/9 and stable/10 in r277022 and 858 r276991, respectively. 859 86020140418: 861 The YES_HESIOD knob has been removed. It has been obsolete for 862 a decade. Please move to using WITH_HESIOD instead or your builds 863 will silently lack HESIOD. 864 86520140405: 866 The uart(4) driver has been changed with respect to its handling 867 of the low-level console. Previously the uart(4) driver prevented 868 any process from changing the baudrate or the CLOCAL and HUPCL 869 control flags. By removing the restrictions, operators can make 870 changes to the serial console port without having to reboot. 871 However, when getty(8) is started on the serial device that is 872 associated with the low-level console, a misconfigured terminal 873 line in /etc/ttys will now have a real impact. 874 Before upgrading the kernel, make sure that /etc/ttys has the 875 serial console device configured as 3wire without baudrate to 876 preserve the previous behaviour. E.g: 877 ttyu0 "/usr/libexec/getty 3wire" vt100 on secure 878 87920140306: 880 Support for libwrap (TCP wrappers) in rpcbind was disabled by default 881 to improve performance. To re-enable it, if needed, run rpcbind 882 with command line option -W. 883 88420140226: 885 Switched back to the GPL dtc compiler due to updates in the upstream 886 dts files not being supported by the BSDL dtc compiler. You will need 887 to rebuild your kernel toolchain to pick up the new compiler. Core dumps 888 may result while building dtb files during a kernel build if you fail 889 to do so. Set WITHOUT_GPL_DTC if you require the BSDL compiler. 890 89120140216: 892 Clang and llvm have been upgraded to 3.4 release. 893 89420140216: 895 The nve(4) driver has been removed. Please use the nfe(4) driver 896 for NVIDIA nForce MCP Ethernet adapters instead. 897 89820140212: 899 An ABI incompatibility crept into the libc++ 3.4 import in r261283. 900 This could cause certain C++ applications using shared libraries built 901 against the previous version of libc++ to crash. The incompatibility 902 has now been fixed, but any C++ applications or shared libraries built 903 between r261283 and r261801 should be recompiled. 904 90520140204: 906 OpenSSH will now ignore errors caused by kernel lacking of Capsicum 907 capability mode support. Please note that enabling the feature in 908 kernel is still highly recommended. 909 91020140131: 911 OpenSSH is now built with sandbox support, and will use sandbox as 912 the default privilege separation method. This requires Capsicum 913 capability mode support in kernel. 914 91520140128: 916 The libelf and libdwarf libraries have been updated to newer 917 versions from upstream. Shared library version numbers for 918 these two libraries were bumped. Any ports or binaries 919 requiring these two libraries should be recompiled. 920 __FreeBSD_version is bumped to 1100006. 921 92220140110: 923 If a Makefile in a tests/ directory was auto-generating a Kyuafile 924 instead of providing an explicit one, this would prevent such 925 Makefile from providing its own Kyuafile in the future during 926 NO_CLEAN builds. This has been fixed in the Makefiles but manual 927 intervention is needed to clean an objdir if you use NO_CLEAN: 928 # find /usr/obj -name Kyuafile | xargs rm -f 929 93020131213: 931 The behavior of gss_pseudo_random() for the krb5 mechanism 932 has changed, for applications requesting a longer random string 933 than produced by the underlying enctype's pseudo-random() function. 934 In particular, the random string produced from a session key of 935 enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will 936 be different at the 17th octet and later, after this change. 937 The counter used in the PRF+ construction is now encoded as a 938 big-endian integer in accordance with RFC 4402. 939 __FreeBSD_version is bumped to 1100004. 940 94120131108: 942 The WITHOUT_ATF build knob has been removed and its functionality 943 has been subsumed into the more generic WITHOUT_TESTS. If you were 944 using the former to disable the build of the ATF libraries, you 945 should change your settings to use the latter. 946 94720131025: 948 The default version of mtree is nmtree which is obtained from 949 NetBSD. The output is generally the same, but may vary 950 slightly. If you found you need identical output adding 951 "-F freebsd9" to the command line should do the trick. For the 952 time being, the old mtree is available as fmtree. 953 95420131014: 955 libbsdyml has been renamed to libyaml and moved to /usr/lib/private. 956 This will break ports-mgmt/pkg. Rebuild the port, or upgrade to pkg 957 1.1.4_8 and verify bsdyml not linked in, before running "make 958 delete-old-libs": 959 # make -C /usr/ports/ports-mgmt/pkg build deinstall install clean 960 or 961 # pkg install pkg; ldd /usr/local/sbin/pkg | grep bsdyml 962 96320131010: 964 The stable/10 branch has been created in subversion from head 965 revision r256279. 966 96720131010: 968 The rc.d/jail script has been updated to support jail(8) 969 configuration file. The "jail_<jname>_*" rc.conf(5) variables 970 for per-jail configuration are automatically converted to 971 /var/run/jail.<jname>.conf before the jail(8) utility is invoked. 972 This is transparently backward compatible. See below about some 973 incompatibilities and rc.conf(5) manual page for more details. 974 975 These variables are now deprecated in favor of jail(8) configuration 976 file. One can use "rc.d/jail config <jname>" command to generate 977 a jail(8) configuration file in /var/run/jail.<jname>.conf without 978 running the jail(8) utility. The default pathname of the 979 configuration file is /etc/jail.conf and can be specified by 980 using $jail_conf or $jail_<jname>_conf variables. 981 982 Please note that jail_devfs_ruleset accepts an integer at 983 this moment. Please consider to rewrite the ruleset name 984 with an integer. 985 98620130930: 987 BIND has been removed from the base system. If all you need 988 is a local resolver, simply enable and start the local_unbound 989 service instead. Otherwise, several versions of BIND are 990 available in the ports tree. The dns/bind99 port is one example. 991 992 With this change, nslookup(1) and dig(1) are no longer in the base 993 system. Users should instead use host(1) and drill(1) which are 994 in the base system. Alternatively, nslookup and dig can 995 be obtained by installing the dns/bind-tools port. 996 99720130916: 998 With the addition of unbound(8), a new unbound user is now 999 required during installworld. "mergemaster -p" can be used to 1000 add the user prior to installworld, as documented in the handbook. 1001 100220130911: 1003 OpenSSH is now built with DNSSEC support, and will by default 1004 silently trust signed SSHFP records. This can be controlled with 1005 the VerifyHostKeyDNS client configuration setting. DNSSEC support 1006 can be disabled entirely with the WITHOUT_LDNS option in src.conf. 1007 100820130906: 1009 The GNU Compiler Collection and C++ standard library (libstdc++) 1010 are no longer built by default on platforms where clang is the system 1011 compiler. You can enable them with the WITH_GCC and WITH_GNUCXX 1012 options in src.conf. 1013 101420130905: 1015 The PROCDESC kernel option is now part of the GENERIC kernel 1016 configuration and is required for the rwhod(8) to work. 1017 If you are using custom kernel configuration, you should include 1018 'options PROCDESC'. 1019 102020130905: 1021 The API and ABI related to the Capsicum framework was modified 1022 in backward incompatible way. The userland libraries and programs 1023 have to be recompiled to work with the new kernel. This includes the 1024 following libraries and programs, but the whole buildworld is 1025 advised: libc, libprocstat, dhclient, tcpdump, hastd, hastctl, 1026 kdump, procstat, rwho, rwhod, uniq. 1027 102820130903: 1029 AES-NI intrinsic support has been added to gcc. The AES-NI module 1030 has been updated to use this support. A new gcc is required to build 1031 the aesni module on both i386 and amd64. 1032 103320130821: 1034 The PADLOCK_RNG and RDRAND_RNG kernel options are now devices. 1035 Thus "device padlock_rng" and "device rdrand_rng" should be 1036 used instead of "options PADLOCK_RNG" & "options RDRAND_RNG". 1037 103820130813: 1039 WITH_ICONV has been split into two feature sets. WITH_ICONV now 1040 enables just the iconv* functionality and is now on by default. 1041 WITH_LIBICONV_COMPAT enables the libiconv api and link time 1042 compatibility. Set WITHOUT_ICONV to build the old way. 1043 If you have been using WITH_ICONV before, you will very likely 1044 need to turn on WITH_LIBICONV_COMPAT. 1045 104620130806: 1047 INVARIANTS option now enables DEBUG for code with OpenSolaris and 1048 Illumos origin, including ZFS. If you have INVARIANTS in your 1049 kernel configuration, then there is no need to set DEBUG or ZFS_DEBUG 1050 explicitly. 1051 DEBUG used to enable witness(9) tracking of OpenSolaris (mostly ZFS) 1052 locks if WITNESS option was set. Because that generated a lot of 1053 witness(9) reports and all of them were believed to be false 1054 positives, this is no longer done. New option OPENSOLARIS_WITNESS 1055 can be used to achieve the previous behavior. 1056 105720130806: 1058 Timer values in IPv6 data structures now use time_uptime instead 1059 of time_second. Although this is not a user-visible functional 1060 change, userland utilities which directly use them---ndp(8), 1061 rtadvd(8), and rtsold(8) in the base system---need to be updated 1062 to r253970 or later. 1063 106420130802: 1065 find -delete can now delete the pathnames given as arguments, 1066 instead of only files found below them or if the pathname did 1067 not contain any slashes. Formerly, the following error message 1068 would result: 1069 1070 find: -delete: <path>: relative path potentially not safe 1071 1072 Deleting the pathnames given as arguments can be prevented 1073 without error messages using -mindepth 1 or by changing 1074 directory and passing "." as argument to find. This works in the 1075 old as well as the new version of find. 1076 107720130726: 1078 Behavior of devfs rules path matching has been changed. 1079 Pattern is now always matched against fully qualified devfs 1080 path and slash characters must be explicitly matched by 1081 slashes in pattern (FNM_PATHNAME). Rulesets involving devfs 1082 subdirectories must be reviewed. 1083 108420130716: 1085 The default ARM ABI has changed to the ARM EABI. The old ABI is 1086 incompatible with the ARM EABI and all programs and modules will 1087 need to be rebuilt to work with a new kernel. 1088 1089 To keep using the old ABI ensure the WITHOUT_ARM_EABI knob is set. 1090 1091 NOTE: Support for the old ABI will be removed in the future and 1092 users are advised to upgrade. 1093 109420130709: 1095 pkg_install has been disconnected from the build if you really need it 1096 you should add WITH_PKGTOOLS in your src.conf(5). 1097 109820130709: 1099 Most of network statistics structures were changed to be able 1100 keep 64-bits counters. Thus all tools, that work with networking 1101 statistics, must be rebuilt (netstat(1), bsnmpd(1), etc.) 1102 110320130618: 1104 Fix a bug that allowed a tracing process (e.g. gdb) to write 1105 to a memory-mapped file in the traced process's address space 1106 even if neither the traced process nor the tracing process had 1107 write access to that file. 1108 110920130615: 1110 CVS has been removed from the base system. An exact copy 1111 of the code is available from the devel/cvs port. 1112 111320130613: 1114 Some people report the following error after the switch to bmake: 1115 1116 make: illegal option -- J 1117 usage: make [-BPSXeiknpqrstv] [-C directory] [-D variable] 1118 ... 1119 *** [buildworld] Error code 2 1120 1121 this likely due to an old instance of make in 1122 ${MAKEPATH} (${MAKEOBJDIRPREFIX}${.CURDIR}/make.${MACHINE}) 1123 which src/Makefile will use that blindly, if it exists, so if 1124 you see the above error: 1125 1126 rm -rf `make -V MAKEPATH` 1127 1128 should resolve it. 1129 113020130516: 1131 Use bmake by default. 1132 Whereas before one could choose to build with bmake via 1133 -DWITH_BMAKE one must now use -DWITHOUT_BMAKE to use the old 1134 make. The goal is to remove these knobs for 10-RELEASE. 1135 1136 It is worth noting that bmake (like gmake) treats the command 1137 line as the unit of failure, rather than statements within the 1138 command line. Thus '(cd some/where && dosomething)' is safer 1139 than 'cd some/where; dosomething'. The '()' allows consistent 1140 behavior in parallel build. 1141 114220130429: 1143 Fix a bug that allows NFS clients to issue READDIR on files. 1144 114520130426: 1146 The WITHOUT_IDEA option has been removed because 1147 the IDEA patent expired. 1148 114920130426: 1150 The sysctl which controls TRIM support under ZFS has been renamed 1151 from vfs.zfs.trim_disable -> vfs.zfs.trim.enabled and has been 1152 enabled by default. 1153 115420130425: 1155 The mergemaster command now uses the default MAKEOBJDIRPREFIX 1156 rather than creating it's own in the temporary directory in 1157 order allow access to bootstrapped versions of tools such as 1158 install and mtree. When upgrading from version of FreeBSD where 1159 the install command does not support -l, you will need to 1160 install a new mergemaster command if mergemaster -p is required. 1161 This can be accomplished with the command (cd src/usr.sbin/mergemaster 1162 && make install). 1163 116420130404: 1165 Legacy ATA stack, disabled and replaced by new CAM-based one since 1166 FreeBSD 9.0, completely removed from the sources. Kernel modules 1167 atadisk and atapi*, user-level tools atacontrol and burncd are 1168 removed. Kernel option `options ATA_CAM` is now permanently enabled 1169 and removed. 1170 117120130319: 1172 SOCK_CLOEXEC and SOCK_NONBLOCK flags have been added to socket(2) 1173 and socketpair(2). Software, in particular Kerberos, may 1174 automatically detect and use these during building. The resulting 1175 binaries will not work on older kernels. 1176 117720130308: 1178 CTL_DISABLE has also been added to the sparc64 GENERIC (for further 1179 information, see the respective 20130304 entry). 1180 118120130304: 1182 Recent commits to callout(9) changed the size of struct callout, 1183 so the KBI is probably heavily disturbed. Also, some functions 1184 in callout(9)/sleep(9)/sleepqueue(9)/condvar(9) KPIs were replaced 1185 by macros. Every kernel module using it won't load, so rebuild 1186 is requested. 1187 1188 The ctl device has been re-enabled in GENERIC for i386 and amd64, 1189 but does not initialize by default (because of the new CTL_DISABLE 1190 option) to save memory. To re-enable it, remove the CTL_DISABLE 1191 option from the kernel config file or set kern.cam.ctl.disable=0 1192 in /boot/loader.conf. 1193 119420130301: 1195 The ctl device has been disabled in GENERIC for i386 and amd64. 1196 This was done due to the extra memory being allocated at system 1197 initialisation time by the ctl driver which was only used if 1198 a CAM target device was created. This makes a FreeBSD system 1199 unusable on 128MB or less of RAM. 1200 120120130208: 1202 A new compression method (lz4) has been merged to -HEAD. Please 1203 refer to zpool-features(7) for more information. 1204 1205 Please refer to the "ZFS notes" section of this file for information 1206 on upgrading boot ZFS pools. 1207 120820130129: 1209 A BSD-licensed patch(1) variant has been added and is installed 1210 as bsdpatch, being the GNU version the default patch. 1211 To inverse the logic and use the BSD-licensed one as default, 1212 while having the GNU version installed as gnupatch, rebuild 1213 and install world with the WITH_BSD_PATCH knob set. 1214 121520130121: 1216 Due to the use of the new -l option to install(1) during build 1217 and install, you must take care not to directly set the INSTALL 1218 make variable in your /etc/make.conf, /etc/src.conf, or on the 1219 command line. If you wish to use the -C flag for all installs 1220 you may be able to add INSTALL+=-C to /etc/make.conf or 1221 /etc/src.conf. 1222 122320130118: 1224 The install(1) option -M has changed meaning and now takes an 1225 argument that is a file or path to append logs to. In the 1226 unlikely event that -M was the last option on the command line 1227 and the command line contained at least two files and a target 1228 directory the first file will have logs appended to it. The -M 1229 option served little practical purpose in the last decade so its 1230 use is expected to be extremely rare. 1231 123220121223: 1233 After switching to Clang as the default compiler some users of ZFS 1234 on i386 systems started to experience stack overflow kernel panics. 1235 Please consider using 'options KSTACK_PAGES=4' in such configurations. 1236 123720121222: 1238 GEOM_LABEL now mangles label names read from file system metadata. 1239 Mangling affect labels containing spaces, non-printable characters, 1240 '%' or '"'. Device names in /etc/fstab and other places may need to 1241 be updated. 1242 124320121217: 1244 By default, only the 10 most recent kernel dumps will be saved. To 1245 restore the previous behaviour (no limit on the number of kernel dumps 1246 stored in the dump directory) add the following line to /etc/rc.conf: 1247 1248 savecore_flags="" 1249 125020121201: 1251 With the addition of auditdistd(8), a new auditdistd user is now 1252 required during installworld. "mergemaster -p" can be used to 1253 add the user prior to installworld, as documented in the handbook. 1254 125520121117: 1256 The sin6_scope_id member variable in struct sockaddr_in6 is now 1257 filled by the kernel before passing the structure to the userland via 1258 sysctl or routing socket. This means the KAME-specific embedded scope 1259 id in sin6_addr.s6_addr[2] is always cleared in userland application. 1260 This behavior can be controlled by net.inet6.ip6.deembed_scopeid. 1261 __FreeBSD_version is bumped to 1000025. 1262 126320121105: 1264 On i386 and amd64 systems WITH_CLANG_IS_CC is now the default. 1265 This means that the world and kernel will be compiled with clang 1266 and that clang will be installed as /usr/bin/cc, /usr/bin/c++, 1267 and /usr/bin/cpp. To disable this behavior and revert to building 1268 with gcc, compile with WITHOUT_CLANG_IS_CC. Really old versions 1269 of current may need to bootstrap WITHOUT_CLANG first if the clang 1270 build fails (its compatibility window doesn't extend to the 9 stable 1271 branch point). 1272 127320121102: 1274 The IPFIREWALL_FORWARD kernel option has been removed. Its 1275 functionality now turned on by default. 1276 127720121023: 1278 The ZERO_COPY_SOCKET kernel option has been removed and 1279 split into SOCKET_SEND_COW and SOCKET_RECV_PFLIP. 1280 NB: SOCKET_SEND_COW uses the VM page based copy-on-write 1281 mechanism which is not safe and may result in kernel crashes. 1282 NB: The SOCKET_RECV_PFLIP mechanism is useless as no current 1283 driver supports disposeable external page sized mbuf storage. 1284 Proper replacements for both zero-copy mechanisms are under 1285 consideration and will eventually lead to complete removal 1286 of the two kernel options. 1287 128820121023: 1289 The IPv4 network stack has been converted to network byte 1290 order. The following modules need to be recompiled together 1291 with kernel: carp(4), divert(4), gif(4), siftr(4), gre(4), 1292 pf(4), ipfw(4), ng_ipfw(4), stf(4). 1293 129420121022: 1295 Support for non-MPSAFE filesystems was removed from VFS. The 1296 VFS_VERSION was bumped, all filesystem modules shall be 1297 recompiled. 1298 129920121018: 1300 All the non-MPSAFE filesystems have been disconnected from 1301 the build. The full list includes: codafs, hpfs, ntfs, nwfs, 1302 portalfs, smbfs, xfs. 1303 130420121016: 1305 The interface cloning API and ABI has changed. The following 1306 modules need to be recompiled together with kernel: 1307 ipfw(4), pfsync(4), pflog(4), usb(4), wlan(4), stf(4), 1308 vlan(4), disc(4), edsc(4), if_bridge(4), gif(4), tap(4), 1309 faith(4), epair(4), enc(4), tun(4), if_lagg(4), gre(4). 1310 131120121015: 1312 The sdhci driver was split in two parts: sdhci (generic SD Host 1313 Controller logic) and sdhci_pci (actual hardware driver). 1314 No kernel config modifications are required, but if you 1315 load sdhc as a module you must switch to sdhci_pci instead. 1316 131720121014: 1318 Import the FUSE kernel and userland support into base system. 1319 132020121013: 1321 The GNU sort(1) program has been removed since the BSD-licensed 1322 sort(1) has been the default for quite some time and no serious 1323 problems have been reported. The corresponding WITH_GNU_SORT 1324 knob has also gone. 1325 132620121006: 1327 The pfil(9) API/ABI for AF_INET family has been changed. Packet 1328 filtering modules: pf(4), ipfw(4), ipfilter(4) need to be recompiled 1329 with new kernel. 1330 133120121001: 1332 The net80211(4) ABI has been changed to allow for improved driver 1333 PS-POLL and power-save support. All wireless drivers need to be 1334 recompiled to work with the new kernel. 1335 133620120913: 1337 The random(4) support for the VIA hardware random number 1338 generator (`PADLOCK') is no longer enabled unconditionally. 1339 Add the padlock_rng device in the custom kernel config if 1340 needed. The GENERIC kernels on i386 and amd64 do include the 1341 device, so the change only affects the custom kernel 1342 configurations. 1343 134420120908: 1345 The pf(4) packet filter ABI has been changed. pfctl(8) and 1346 snmp_pf module need to be recompiled to work with new kernel. 1347 134820120828: 1349 A new ZFS feature flag "com.delphix:empty_bpobj" has been merged 1350 to -HEAD. Pools that have empty_bpobj in active state can not be 1351 imported read-write with ZFS implementations that do not support 1352 this feature. For more information read the zpool-features(5) 1353 manual page. 1354 135520120727: 1356 The sparc64 ZFS loader has been changed to no longer try to auto- 1357 detect ZFS providers based on diskN aliases but now requires these 1358 to be explicitly listed in the OFW boot-device environment variable. 1359 136020120712: 1361 The OpenSSL has been upgraded to 1.0.1c. Any binaries requiring 1362 libcrypto.so.6 or libssl.so.6 must be recompiled. Also, there are 1363 configuration changes. Make sure to merge /etc/ssl/openssl.cnf. 1364 136520120712: 1366 The following sysctls and tunables have been renamed for consistency 1367 with other variables: 1368 kern.cam.da.da_send_ordered -> kern.cam.da.send_ordered 1369 kern.cam.ada.ada_send_ordered -> kern.cam.ada.send_ordered 1370 137120120628: 1372 The sort utility has been replaced with BSD sort. For now, GNU sort 1373 is also available as "gnusort" or the default can be set back to 1374 GNU sort by setting WITH_GNU_SORT. In this case, BSD sort will be 1375 installed as "bsdsort". 1376 137720120611: 1378 A new version of ZFS (pool version 5000) has been merged to -HEAD. 1379 Starting with this version the old system of ZFS pool versioning 1380 is superseded by "feature flags". This concept enables forward 1381 compatibility against certain future changes in functionality of ZFS 1382 pools. The first read-only compatible "feature flag" for ZFS pools 1383 is named "com.delphix:async_destroy". For more information 1384 read the new zpool-features(5) manual page. 1385 Please refer to the "ZFS notes" section of this file for information 1386 on upgrading boot ZFS pools. 1387 138820120417: 1389 The malloc(3) implementation embedded in libc now uses sources imported 1390 as contrib/jemalloc. The most disruptive API change is to 1391 /etc/malloc.conf. If your system has an old-style /etc/malloc.conf, 1392 delete it prior to installworld, and optionally re-create it using the 1393 new format after rebooting. See malloc.conf(5) for details 1394 (specifically the TUNING section and the "opt.*" entries in the MALLCTL 1395 NAMESPACE section). 1396 139720120328: 1398 Big-endian MIPS TARGET_ARCH values no longer end in "eb". mips64eb 1399 is now spelled mips64. mipsn32eb is now spelled mipsn32. mipseb is 1400 now spelled mips. This is to aid compatibility with third-party 1401 software that expects this naming scheme in uname(3). Little-endian 1402 settings are unchanged. If you are updating a big-endian mips64 machine 1403 from before this change, you may need to set MACHINE_ARCH=mips64 in 1404 your environment before the new build system will recognize your machine. 1405 140620120306: 1407 Disable by default the option VFS_ALLOW_NONMPSAFE for all supported 1408 platforms. 1409 141020120229: 1411 Now unix domain sockets behave "as expected" on nullfs(5). Previously 1412 nullfs(5) did not pass through all behaviours to the underlying layer, 1413 as a result if we bound to a socket on the lower layer we could connect 1414 only to the lower path; if we bound to the upper layer we could connect 1415 only to the upper path. The new behavior is one can connect to both the 1416 lower and the upper paths regardless what layer path one binds to. 1417 141820120211: 1419 The getifaddrs upgrade path broken with 20111215 has been restored. 1420 If you have upgraded in between 20111215 and 20120209 you need to 1421 recompile libc again with your kernel. You still need to recompile 1422 world to be able to configure CARP but this restriction already 1423 comes from 20111215. 1424 142520120114: 1426 The set_rcvar() function has been removed from /etc/rc.subr. All 1427 base and ports rc.d scripts have been updated, so if you have a 1428 port installed with a script in /usr/local/etc/rc.d you can either 1429 hand-edit the rcvar= line, or reinstall the port. 1430 1431 An easy way to handle the mass-update of /etc/rc.d: 1432 rm /etc/rc.d/* && mergemaster -i 1433 143420120109: 1435 panic(9) now stops other CPUs in the SMP systems, disables interrupts 1436 on the current CPU and prevents other threads from running. 1437 This behavior can be reverted using the kern.stop_scheduler_on_panic 1438 tunable/sysctl. 1439 The new behavior can be incompatible with kern.sync_on_panic. 1440 144120111215: 1442 The carp(4) facility has been changed significantly. Configuration 1443 of the CARP protocol via ifconfig(8) has changed, as well as format 1444 of CARP events submitted to devd(8) has changed. See manual pages 1445 for more information. The arpbalance feature of carp(4) is currently 1446 not supported anymore. 1447 1448 Size of struct in_aliasreq, struct in6_aliasreq has changed. User 1449 utilities using SIOCAIFADDR, SIOCAIFADDR_IN6, e.g. ifconfig(8), 1450 need to be recompiled. 1451 145220111122: 1453 The acpi_wmi(4) status device /dev/wmistat has been renamed to 1454 /dev/wmistat0. 1455 145620111108: 1457 The option VFS_ALLOW_NONMPSAFE option has been added in order to 1458 explicitely support non-MPSAFE filesystems. 1459 It is on by default for all supported platform at this present 1460 time. 1461 146220111101: 1463 The broken amd(4) driver has been replaced with esp(4) in the amd64, 1464 i386 and pc98 GENERIC kernel configuration files. 1465 146620110930: 1467 sysinstall has been removed 1468 146920110923: 1470 The stable/9 branch created in subversion. This corresponds to the 1471 RELENG_9 branch in CVS. 1472 1473COMMON ITEMS: 1474 1475 General Notes 1476 ------------- 1477 Avoid using make -j when upgrading. While generally safe, there are 1478 sometimes problems using -j to upgrade. If your upgrade fails with 1479 -j, please try again without -j. From time to time in the past there 1480 have been problems using -j with buildworld and/or installworld. This 1481 is especially true when upgrading between "distant" versions (eg one 1482 that cross a major release boundary or several minor releases, or when 1483 several months have passed on the -current branch). 1484 1485 Sometimes, obscure build problems are the result of environment 1486 poisoning. This can happen because the make utility reads its 1487 environment when searching for values for global variables. To run 1488 your build attempts in an "environmental clean room", prefix all make 1489 commands with 'env -i '. See the env(1) manual page for more details. 1490 1491 When upgrading from one major version to another it is generally best 1492 to upgrade to the latest code in the currently installed branch first, 1493 then do an upgrade to the new branch. This is the best-tested upgrade 1494 path, and has the highest probability of being successful. Please try 1495 this approach before reporting problems with a major version upgrade. 1496 1497 When upgrading a live system, having a root shell around before 1498 installing anything can help undo problems. Not having a root shell 1499 around can lead to problems if pam has changed too much from your 1500 starting point to allow continued authentication after the upgrade. 1501 1502 This file should be read as a log of events. When a later event changes 1503 information of a prior event, the prior event should not be deleted. 1504 Instead, a pointer to the entry with the new information should be 1505 placed in the old entry. Readers of this file should also sanity check 1506 older entries before relying on them blindly. Authors of new entries 1507 should write them with this in mind. 1508 1509 ZFS notes 1510 --------- 1511 When upgrading the boot ZFS pool to a new version, always follow 1512 these two steps: 1513 1514 1.) recompile and reinstall the ZFS boot loader and boot block 1515 (this is part of "make buildworld" and "make installworld") 1516 1517 2.) update the ZFS boot block on your boot drive 1518 1519 The following example updates the ZFS boot block on the first 1520 partition (freebsd-boot) of a GPT partitioned drive ada0: 1521 "gpart bootcode -p /boot/gptzfsboot -i 1 ada0" 1522 1523 Non-boot pools do not need these updates. 1524 1525 To build a kernel 1526 ----------------- 1527 If you are updating from a prior version of FreeBSD (even one just 1528 a few days old), you should follow this procedure. It is the most 1529 failsafe as it uses a /usr/obj tree with a fresh mini-buildworld, 1530 1531 make kernel-toolchain 1532 make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE 1533 make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE 1534 1535 To test a kernel once 1536 --------------------- 1537 If you just want to boot a kernel once (because you are not sure 1538 if it works, or if you want to boot a known bad kernel to provide 1539 debugging information) run 1540 make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel 1541 nextboot -k testkernel 1542 1543 To just build a kernel when you know that it won't mess you up 1544 -------------------------------------------------------------- 1545 This assumes you are already running a CURRENT system. Replace 1546 ${arch} with the architecture of your machine (e.g. "i386", 1547 "arm", "amd64", "ia64", "pc98", "sparc64", "powerpc", "mips", etc). 1548 1549 cd src/sys/${arch}/conf 1550 config KERNEL_NAME_HERE 1551 cd ../compile/KERNEL_NAME_HERE 1552 make depend 1553 make 1554 make install 1555 1556 If this fails, go to the "To build a kernel" section. 1557 1558 To rebuild everything and install it on the current system. 1559 ----------------------------------------------------------- 1560 # Note: sometimes if you are running current you gotta do more than 1561 # is listed here if you are upgrading from a really old current. 1562 1563 <make sure you have good level 0 dumps> 1564 make buildworld 1565 make kernel KERNCONF=YOUR_KERNEL_HERE 1566 [1] 1567 <reboot in single user> [3] 1568 mergemaster -Fp [5] 1569 make installworld 1570 mergemaster -Fi [4] 1571 make delete-old [6] 1572 <reboot> 1573 1574 To cross-install current onto a separate partition 1575 -------------------------------------------------- 1576 # In this approach we use a separate partition to hold 1577 # current's root, 'usr', and 'var' directories. A partition 1578 # holding "/", "/usr" and "/var" should be about 2GB in 1579 # size. 1580 1581 <make sure you have good level 0 dumps> 1582 <boot into -stable> 1583 make buildworld 1584 make buildkernel KERNCONF=YOUR_KERNEL_HERE 1585 <maybe newfs current's root partition> 1586 <mount current's root partition on directory ${CURRENT_ROOT}> 1587 make installworld DESTDIR=${CURRENT_ROOT} -DDB_FROM_SRC 1588 make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd 1589 make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT} 1590 cp /etc/fstab ${CURRENT_ROOT}/etc/fstab # if newfs'd 1591 <edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition> 1592 <reboot into current> 1593 <do a "native" rebuild/install as described in the previous section> 1594 <maybe install compatibility libraries from ports/misc/compat*> 1595 <reboot> 1596 1597 1598 To upgrade in-place from stable to current 1599 ---------------------------------------------- 1600 <make sure you have good level 0 dumps> 1601 make buildworld [9] 1602 make kernel KERNCONF=YOUR_KERNEL_HERE [8] 1603 [1] 1604 <reboot in single user> [3] 1605 mergemaster -Fp [5] 1606 make installworld 1607 mergemaster -Fi [4] 1608 make delete-old [6] 1609 <reboot> 1610 1611 Make sure that you've read the UPDATING file to understand the 1612 tweaks to various things you need. At this point in the life 1613 cycle of current, things change often and you are on your own 1614 to cope. The defaults can also change, so please read ALL of 1615 the UPDATING entries. 1616 1617 Also, if you are tracking -current, you must be subscribed to 1618 freebsd-current@freebsd.org. Make sure that before you update 1619 your sources that you have read and understood all the recent 1620 messages there. If in doubt, please track -stable which has 1621 much fewer pitfalls. 1622 1623 [1] If you have third party modules, such as vmware, you 1624 should disable them at this point so they don't crash your 1625 system on reboot. 1626 1627 [3] From the bootblocks, boot -s, and then do 1628 fsck -p 1629 mount -u / 1630 mount -a 1631 cd src 1632 adjkerntz -i # if CMOS is wall time 1633 Also, when doing a major release upgrade, it is required that 1634 you boot into single user mode to do the installworld. 1635 1636 [4] Note: This step is non-optional. Failure to do this step 1637 can result in a significant reduction in the functionality of the 1638 system. Attempting to do it by hand is not recommended and those 1639 that pursue this avenue should read this file carefully, as well 1640 as the archives of freebsd-current and freebsd-hackers mailing lists 1641 for potential gotchas. The -U option is also useful to consider. 1642 See mergemaster(8) for more information. 1643 1644 [5] Usually this step is a noop. However, from time to time 1645 you may need to do this if you get unknown user in the following 1646 step. It never hurts to do it all the time. You may need to 1647 install a new mergemaster (cd src/usr.sbin/mergemaster && make 1648 install) after the buildworld before this step if you last updated 1649 from current before 20130425 or from -stable before 20130430. 1650 1651 [6] This only deletes old files and directories. Old libraries 1652 can be deleted by "make delete-old-libs", but you have to make 1653 sure that no program is using those libraries anymore. 1654 1655 [8] In order to have a kernel that can run the 4.x binaries needed to 1656 do an installworld, you must include the COMPAT_FREEBSD4 option in 1657 your kernel. Failure to do so may leave you with a system that is 1658 hard to boot to recover. A similar kernel option COMPAT_FREEBSD5 is 1659 required to run the 5.x binaries on more recent kernels. And so on 1660 for COMPAT_FREEBSD6 and COMPAT_FREEBSD7. 1661 1662 Make sure that you merge any new devices from GENERIC since the 1663 last time you updated your kernel config file. 1664 1665 [9] When checking out sources, you must include the -P flag to have 1666 cvs prune empty directories. 1667 1668 If CPUTYPE is defined in your /etc/make.conf, make sure to use the 1669 "?=" instead of the "=" assignment operator, so that buildworld can 1670 override the CPUTYPE if it needs to. 1671 1672 MAKEOBJDIRPREFIX must be defined in an environment variable, and 1673 not on the command line, or in /etc/make.conf. buildworld will 1674 warn if it is improperly defined. 1675FORMAT: 1676 1677This file contains a list, in reverse chronological order, of major 1678breakages in tracking -current. It is not guaranteed to be a complete 1679list of such breakages, and only contains entries since September 23, 2011. 1680If you need to see UPDATING entries from before that date, you will need 1681to fetch an UPDATING file from an older FreeBSD release. 1682 1683Copyright information: 1684 1685Copyright 1998-2009 M. Warner Losh. All Rights Reserved. 1686 1687Redistribution, publication, translation and use, with or without 1688modification, in full or in part, in any form or format of this 1689document are permitted without further permission from the author. 1690 1691THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR 1692IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 1693WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 1694DISCLAIMED. IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT, 1695INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 1696(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 1697SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 1698HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 1699STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 1700IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 1701POSSIBILITY OF SUCH DAMAGE. 1702 1703Contact Warner Losh if you have any questions about your use of 1704this document. 1705 1706$FreeBSD: releng/11.0/UPDATING 326358 2017-11-29 05:59:12Z delphij $ 1707