UPDATING revision 314125
1Updating Information for FreeBSD current users. 2 3This file is maintained and copyrighted by M. Warner Losh <imp@freebsd.org>. 4See end of file for further details. For commonly done items, please see the 5COMMON ITEMS: section later in the file. These instructions assume that you 6basically know what you are doing. If not, then please consult the FreeBSD 7handbook: 8 9 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html 10 11Items affecting the ports and packages system can be found in 12/usr/ports/UPDATING. Please read that file before running portupgrade. 13 14NOTE: FreeBSD has switched from gcc to clang. If you have trouble bootstrapping 15from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to 16the tip of head, and then rebuild without this option. The bootstrap process 17from older version of current across the gcc/clang cutover is a bit fragile. 18 1920170223 p8 FreeBSD-SA-17:02.openssl 20 FreeBSD-EN-17:01.pcie 21 FreeBSD-EN-17:02.yp 22 FreeBSD-EN-17:03.hyperv 23 FreeBSD-EN-17:04.mandoc 24 25 Fix multiple vulnerabilities of OpenSSL. [SA-17:02] 26 27 Fix system hang when booting when PCI-express HotPlug is enabled. 28 [EN-17:01] 29 30 Fix NIS master updates are not pushed to NIS slave. [EN-17:02] 31 32 Fix compatibility with Hyper-V/storage after KB3172614 or 33 KB3179574. [EN-17:03] 34 35 Make makewhatis output reproducible. [EN-17:04] 36 3720170111 p7 FreeBSD-SA-17:01.openssh 38 39 Fix multiple vulnerabilities of OpenSSH. 40 4120161222 p6 FreeBSD-SA-16:39.ntp 42 43 Fix multiple vulnerabilities of ntp. 44 4520161208 p5 FreeBSD-SA-16:37.libc [revised] 46 47 Fix regressions introduced by SA-16:37.libc. 48 4920161206 p4 FreeBSD-SA-16:36.telnetd 50 FreeBSD-SA-16:37.libc 51 FreeBSD-SA-16:38.bhyve 52 FreeBSD-EN-16:19.tzcode 53 FreeBSD-EN-16:20.tzdata 54 FreeBSD-EN-16:21.localedef 55 56 Fix possible login(1) argument injection in telnetd(8). [SA-16:36] 57 Fix link_ntoa(3) buffer overflow in libc. [SA-16:37] 58 Fix possible escape from bhyve(8) virtual machine. [SA-16:38] 59 Fix warnings about valid time zone abbreviations. [EN-16:19] 60 Update timezone database information. [EN-16:20] 61 Fix incorrectly defined unicode character(s). [EN-16:21] 62 6320161102 p3 FreeBSD-SA-16:33.openssh 64 65 Fix Fix OpenSSH remote Denial of Service vulnerability. 66 6720161025 p2 FreeBSD-SA-16:15.sysarch [revised] 68 FreeBSD-SA-16:32.bhyve 69 70 Fix incorrect argument validation in sysarch(2). [SA-16:15] 71 Fix access to host memory from guest in bhyve(8). [SA-16:32] 72 7320160928: 74 11.0-RELEASE. 75 7620160622: 77 The libc stub for the pipe(2) system call has been replaced with 78 a wrapper that calls the pipe2(2) system call and the pipe(2) 79 system call is now only implemented by the kernels that include 80 "options COMPAT_FREEBSD10" in their config file (this is the 81 default). Users should ensure that this option is enabled in 82 their kernel or upgrade userspace to r302092 before upgrading their 83 kernel. 84 8520160527: 86 CAM will now strip leading spaces from SCSI disks' serial numbers. 87 This will effect users who create UFS filesystems on SCSI disks using 88 those disk's diskid device nodes. For example, if /etc/fstab 89 previously contained a line like 90 "/dev/diskid/DISK-%20%20%20%20%20%20%20ABCDEFG0123456", you should 91 change it to "/dev/diskid/DISK-ABCDEFG0123456". Users of geom 92 transforms like gmirror may also be affected. ZFS users should 93 generally be fine. 94 9520160523: 96 The bitstring(3) API has been updated with new functionality and 97 improved performance. But it is binary-incompatible with the old API. 98 Objects built with the new headers may not be linked against objects 99 built with the old headers. 100 10120160520: 102 The brk and sbrk functions have been removed from libc on arm64. 103 Binutils from ports has been updated to not link to these 104 functions and should be updated to the latest version before 105 installing a new libc. 106 10720160517: 108 The armv6 port now defaults to hard float ABI. Limited support 109 for running both hardfloat and soft float on the same system 110 is available using the libraries installed with -DWITH_LIBSOFT. 111 This has only been tested as an upgrade path for installworld 112 and packages may fail or need manual intervention to run. New 113 packages will be needed. 114 115 To update an existing self-hosted armv6hf system, you must add 116 TARGET_ARCH=armv6 on the make command line for both the build 117 and the install steps. 118 11920160510: 120 Kernel modules compiled outside of a kernel build now default to 121 installing to /boot/modules instead of /boot/kernel. Many kernel 122 modules built this way (such as those in ports) already overrode 123 KMODDIR explicitly to install into /boot/modules. However, 124 manually building and installing a module from /sys/modules will 125 now install to /boot/modules instead of /boot/kernel. 126 12720160414: 128 The CAM I/O scheduler has been committed to the kernel. There should be 129 no user visible impact. This does enable NCQ Trim on ada SSDs. While the 130 list of known rogues that claim support for this but actually corrupt 131 data is believed to be complete, be on the lookout for data 132 corruption. The known rogue list is believed to be complete: 133 134 o Crucial MX100, M550 drives with MU01 firmware. 135 o Micron M510 and M550 drives with MU01 firmware. 136 o Micron M500 prior to MU07 firmware 137 o Samsung 830, 840, and 850 all firmwares 138 o FCCT M500 all firmwares 139 140 Crucial has firmware http://www.crucial.com/usa/en/support-ssd-firmware 141 with working NCQ TRIM. For Micron branded drives, see your sales rep for 142 updated firmware. Black listed drives will work correctly because these 143 drives work correctly so long as no NCQ TRIMs are sent to them. Given 144 this list is the same as found in Linux, it's believed there are no 145 other rogues in the market place. All other models from the above 146 vendors work. 147 148 To be safe, if you are at all concerned, you can quirk each of your 149 drives to prevent NCQ from being sent by setting: 150 kern.cam.ada.X.quirks="0x2" 151 in loader.conf. If the drive requires the 4k sector quirk, set the 152 quirks entry to 0x3. 153 15420160330: 155 The FAST_DEPEND build option has been removed and its functionality is 156 now the one true way. The old mkdep(1) style of 'make depend' has 157 been removed. See 20160311 for further details. 158 15920160317: 160 Resource range types have grown from unsigned long to uintmax_t. All 161 drivers, and anything using libdevinfo, need to be recompiled. 162 16320160311: 164 WITH_FAST_DEPEND is now enabled by default for in-tree and out-of-tree 165 builds. It no longer runs mkdep(1) during 'make depend', and the 166 'make depend' stage can safely be skipped now as it is auto ran 167 when building 'make all' and will generate all SRCS and DPSRCS before 168 building anything else. Dependencies are gathered at compile time with 169 -MF flags kept in separate .depend files per object file. Users should 170 run 'make cleandepend' once if using -DNO_CLEAN to clean out older 171 stale .depend files. 172 17320160306: 174 On amd64, clang 3.8.0 can now insert sections of type AMD64_UNWIND into 175 kernel modules. Therefore, if you load any kernel modules at boot time, 176 please install the boot loaders after you install the kernel, but before 177 rebooting, e.g.: 178 179 make buildworld 180 make kernel KERNCONF=YOUR_KERNEL_HERE 181 make -C sys/boot install 182 <reboot in single user> 183 184 Then follow the usual steps, described in the General Notes section, 185 below. 186 18720160305: 188 Clang, llvm, lldb and compiler-rt have been upgraded to 3.8.0. Please 189 see the 20141231 entry below for information about prerequisites and 190 upgrading, if you are not already using clang 3.5.0 or higher. 191 19220160301: 193 The AIO subsystem is now a standard part of the kernel. The 194 VFS_AIO kernel option and aio.ko kernel module have been removed. 195 Due to stability concerns, asynchronous I/O requests are only 196 permitted on sockets and raw disks by default. To enable 197 asynchronous I/O requests on all file types, set the 198 vfs.aio.enable_unsafe sysctl to a non-zero value. 199 20020160226: 201 The ELF object manipulation tool objcopy is now provided by the 202 ELF Tool Chain project rather than by GNU binutils. It should be a 203 drop-in replacement, with the addition of arm64 support. The 204 (temporary) src.conf knob WITHOUT_ELFCOPY_AS_OBJCOPY knob may be set 205 to obtain the GNU version if necessary. 206 20720160129: 208 Building ZFS pools on top of zvols is prohibited by default. That 209 feature has never worked safely; it's always been prone to deadlocks. 210 Using a zvol as the backing store for a VM guest's virtual disk will 211 still work, even if the guest is using ZFS. Legacy behavior can be 212 restored by setting vfs.zfs.vol.recursive=1. 213 21420160119: 215 The NONE and HPN patches has been removed from OpenSSH. They are 216 still available in the security/openssh-portable port. 217 21820160113: 219 With the addition of ypldap(8), a new _ypldap user is now required 220 during installworld. "mergemaster -p" can be used to add the user 221 prior to installworld, as documented in the handbook. 222 22320151216: 224 The tftp loader (pxeboot) now uses the option root-path directive. As a 225 consequence it no longer looks for a pxeboot.4th file on the tftp 226 server. Instead it uses the regular /boot infrastructure as with the 227 other loaders. 228 22920151211: 230 The code to start recording plug and play data into the modules has 231 been committed. While the old tools will properly build a new kernel, 232 a number of warnings about "unknown metadata record 4" will be produced 233 for an older kldxref. To avoid such warnings, make sure to rebuild 234 the kernel toolchain (or world). Make sure that you have r292078 or 235 later when trying to build 292077 or later before rebuilding. 236 23720151207: 238 Debug data files are now built by default with 'make buildworld' and 239 installed with 'make installworld'. This facilitates debugging but 240 requires more disk space both during the build and for the installed 241 world. Debug files may be disabled by setting WITHOUT_DEBUG_FILES=yes 242 in src.conf(5). 243 24420151130: 245 r291527 changed the internal interface between the nfsd.ko and 246 nfscommon.ko modules. As such, they must both be upgraded to-gether. 247 __FreeBSD_version has been bumped because of this. 248 24920151108: 250 Add support for unicode collation strings leads to a change of 251 order of files listed by ls(1) for example. To get back to the old 252 behaviour, set LC_COLLATE environment variable to "C". 253 254 Databases administrators will need to reindex their databases given 255 collation results will be different. 256 257 Due to a bug in install(1) it is recommended to remove the ancient 258 locales before running make installworld. 259 260 rm -rf /usr/share/locale/* 261 26220151030: 263 The OpenSSL has been upgraded to 1.0.2d. Any binaries requiring 264 libcrypto.so.7 or libssl.so.7 must be recompiled. 265 26620151020: 267 Qlogic 24xx/25xx firmware images were updated from 5.5.0 to 7.3.0. 268 Kernel modules isp_2400_multi and isp_2500_multi were removed and 269 should be replaced with isp_2400 and isp_2500 modules respectively. 270 27120151017: 272 The build previously allowed using 'make -n' to not recurse into 273 sub-directories while showing what commands would be executed, and 274 'make -n -n' to recursively show commands. Now 'make -n' will recurse 275 and 'make -N' will not. 276 27720151012: 278 If you specify SENDMAIL_MC or SENDMAIL_CF in make.conf, mergemaster 279 and etcupdate will now use this file. A custom sendmail.cf is now 280 updated via this mechanism rather than via installworld. If you had 281 excluded sendmail.cf in mergemaster.rc or etcupdate.conf, you may 282 want to remove the exclusion or change it to "always install". 283 /etc/mail/sendmail.cf is now managed the same way regardless of 284 whether SENDMAIL_MC/SENDMAIL_CF is used. If you are not using 285 SENDMAIL_MC/SENDMAIL_CF there should be no change in behavior. 286 28720151011: 288 Compatibility shims for legacy ATA device names have been removed. 289 It includes ATA_STATIC_ID kernel option, kern.cam.ada.legacy_aliases 290 and kern.geom.raid.legacy_aliases loader tunables, kern.devalias.* 291 environment variables, /dev/ad* and /dev/ar* symbolic links. 292 29320151006: 294 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.7.0. 295 Please see the 20141231 entry below for information about prerequisites 296 and upgrading, if you are not already using clang 3.5.0 or higher. 297 29820150924: 299 Kernel debug files have been moved to /usr/lib/debug/boot/kernel/, 300 and renamed from .symbols to .debug. This reduces the size requirements 301 on the boot partition or file system and provides consistency with 302 userland debug files. 303 304 When using the supported kernel installation method the 305 /usr/lib/debug/boot/kernel directory will be renamed (to kernel.old) 306 as is done with /boot/kernel. 307 308 Developers wishing to maintain the historical behavior of installing 309 debug files in /boot/kernel/ can set KERN_DEBUGDIR="" in src.conf(5). 310 31120150827: 312 The wireless drivers had undergone changes that remove the 'parent 313 interface' from the ifconfig -l output. The rc.d network scripts 314 used to check presence of a parent interface in the list, so old 315 scripts would fail to start wireless networking. Thus, etcupdate(3) 316 or mergemaster(8) run is required after kernel update, to update your 317 rc.d scripts in /etc. 318 31920150827: 320 pf no longer supports 'scrub fragment crop' or 'scrub fragment drop-ovl' 321 These configurations are now automatically interpreted as 322 'scrub fragment reassemble'. 323 32420150817: 325 Kernel-loadable modules for the random(4) device are back. To use 326 them, the kernel must have 327 328 device random 329 options RANDOM_LOADABLE 330 331 kldload(8) can then be used to load random_fortuna.ko 332 or random_yarrow.ko. Please note that due to the indirect 333 function calls that the loadable modules need to provide, 334 the build-in variants will be slightly more efficient. 335 336 The random(4) kernel option RANDOM_DUMMY has been retired due to 337 unpopularity. It was not all that useful anyway. 338 33920150813: 340 The WITHOUT_ELFTOOLCHAIN_TOOLS src.conf(5) knob has been retired. 341 Control over building the ELF Tool Chain tools is now provided by 342 the WITHOUT_TOOLCHAIN knob. 343 34420150810: 345 The polarity of Pulse Per Second (PPS) capture events with the 346 uart(4) driver has been corrected. Prior to this change the PPS 347 "assert" event corresponded to the trailing edge of a positive PPS 348 pulse and the "clear" event was the leading edge of the next pulse. 349 350 As the width of a PPS pulse in a typical GPS receiver is on the 351 order of 1 millisecond, most users will not notice any significant 352 difference with this change. 353 354 Anyone who has compensated for the historical polarity reversal by 355 configuring a negative offset equal to the pulse width will need to 356 remove that workaround. 357 35820150809: 359 The default group assigned to /dev/dri entries has been changed 360 from 'wheel' to 'video' with the id of '44'. If you want to have 361 access to the dri devices please add yourself to the video group 362 with: 363 364 # pw groupmod video -m $USER 365 36620150806: 367 The menu.rc and loader.rc files will now be replaced during 368 upgrades. Please migrate local changes to menu.rc.local and 369 loader.rc.local instead. 370 37120150805: 372 GNU Binutils versions of addr2line, c++filt, nm, readelf, size, 373 strings and strip have been removed. The src.conf(5) knob 374 WITHOUT_ELFTOOLCHAIN_TOOLS no longer provides the binutils tools. 375 37620150728: 377 As ZFS requires more kernel stack pages than is the default on some 378 architectures e.g. i386, it now warns if KSTACK_PAGES is less than 379 ZFS_MIN_KSTACK_PAGES (which is 4 at the time of writing). 380 381 Please consider using 'options KSTACK_PAGES=X' where X is greater 382 than or equal to ZFS_MIN_KSTACK_PAGES i.e. 4 in such configurations. 383 38420150706: 385 sendmail has been updated to 8.15.2. Starting with FreeBSD 11.0 386 and sendmail 8.15, sendmail uses uncompressed IPv6 addresses by 387 default, i.e., they will not contain "::". For example, instead 388 of ::1, it will be 0:0:0:0:0:0:0:1. This permits a zero subnet 389 to have a more specific match, such as different map entries for 390 IPv6:0:0 vs IPv6:0. This change requires that configuration 391 data (including maps, files, classes, custom ruleset, etc.) must 392 use the same format, so make certain such configuration data is 393 upgrading. As a very simple check search for patterns like 394 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. To return to the old 395 behavior, set the m4 option confUSE_COMPRESSED_IPV6_ADDRESSES or 396 the cf option UseCompressedIPv6Addresses. 397 39820150630: 399 The default kernel entropy-processing algorithm is now 400 Fortuna, replacing Yarrow. 401 402 Assuming you have 'device random' in your kernel config 403 file, the configurations allow a kernel option to override 404 this default. You may choose *ONE* of: 405 406 options RANDOM_YARROW # Legacy /dev/random algorithm. 407 options RANDOM_DUMMY # Blocking-only driver. 408 409 If you have neither, you get Fortuna. For most people, 410 read no further, Fortuna will give a /dev/random that works 411 like it always used to, and the difference will be irrelevant. 412 413 If you remove 'device random', you get *NO* kernel-processed 414 entropy at all. This may be acceptable to folks building 415 embedded systems, but has complications. Carry on reading, 416 and it is assumed you know what you need. 417 418 *PLEASE* read random(4) and random(9) if you are in the 419 habit of tweaking kernel configs, and/or if you are a member 420 of the embedded community, wanting specific and not-usual 421 behaviour from your security subsystems. 422 423 NOTE!! If you use RANDOM_DUMMY and/or have no 'device 424 random', you will NOT have a functioning /dev/random, and 425 many cryptographic features will not work, including SSH. 426 You may also find strange behaviour from the random(3) set 427 of library functions, in particular sranddev(3), srandomdev(3) 428 and arc4random(3). The reason for this is that the KERN_ARND 429 sysctl only returns entropy if it thinks it has some to 430 share, and with RANDOM_DUMMY or no 'device random' this 431 will never happen. 432 43320150623: 434 An additional fix for the issue described in the 20150614 sendmail 435 entry below has been been committed in revision 284717. 436 43720150616: 438 FreeBSD's old make (fmake) has been removed from the system. It is 439 available as the devel/fmake port or via pkg install fmake. 440 44120150615: 442 The fix for the issue described in the 20150614 sendmail entry 443 below has been been committed in revision 284436. The work 444 around described in that entry is no longer needed unless the 445 default setting is overridden by a confDH_PARAMETERS configuration 446 setting of '5' or pointing to a 512 bit DH parameter file. 447 44820150614: 449 ALLOW_DEPRECATED_ATF_TOOLS/ATFFILE support has been removed from 450 atf.test.mk (included from bsd.test.mk). Please upgrade devel/atf 451 and devel/kyua to version 0.20+ and adjust any calling code to work 452 with Kyuafile and kyua. 453 45420150614: 455 The import of openssl to address the FreeBSD-SA-15:10.openssl 456 security advisory includes a change which rejects handshakes 457 with DH parameters below 768 bits. sendmail releases prior 458 to 8.15.2 (not yet released), defaulted to a 512 bit 459 DH parameter setting for client connections. To work around 460 this interoperability, sendmail can be configured to use a 461 2048 bit DH parameter by: 462 463 1. Edit /etc/mail/`hostname`.mc 464 2. If a setting for confDH_PARAMETERS does not exist or 465 exists and is set to a string beginning with '5', 466 replace it with '2'. 467 3. If a setting for confDH_PARAMETERS exists and is set to 468 a file path, create a new file with: 469 openssl dhparam -out /path/to/file 2048 470 4. Rebuild the .cf file: 471 cd /etc/mail/; make; make install 472 5. Restart sendmail: 473 cd /etc/mail/; make restart 474 475 A sendmail patch is coming, at which time this file will be 476 updated. 477 47820150604: 479 Generation of legacy formatted entries have been disabled by default 480 in pwd_mkdb(8), as all base system consumers of the legacy formatted 481 entries were converted to use the new format by default when the new, 482 machine independent format have been added and supported since FreeBSD 483 5.x. 484 485 Please see the pwd_mkdb(8) manual page for further details. 486 48720150525: 488 Clang and llvm have been upgraded to 3.6.1 release. Please see the 489 20141231 entry below for information about prerequisites and upgrading, 490 if you are not already using 3.5.0 or higher. 491 49220150521: 493 TI platform code switched to using vendor DTS files and this update 494 may break existing systems running on Beaglebone, Beaglebone Black, 495 and Pandaboard: 496 497 - dtb files should be regenerated/reinstalled. Filenames are the 498 same but content is different now 499 - GPIO addressing was changed, now each GPIO bank (32 pins per bank) 500 has its own /dev/gpiocX device, e.g. pin 121 on /dev/gpioc0 in old 501 addressing scheme is now pin 25 on /dev/gpioc3. 502 - Pandaboard: /etc/ttys should be updated, serial console device is 503 now /dev/ttyu2, not /dev/ttyu0 504 50520150501: 506 soelim(1) from gnu/usr.bin/groff has been replaced by usr.bin/soelim. 507 If you need the GNU extension from groff soelim(1), install groff 508 from package: pkg install groff, or via ports: textproc/groff. 509 51020150423: 511 chmod, chflags, chown and chgrp now affect symlinks in -R mode as 512 defined in symlink(7); previously symlinks were silently ignored. 513 51420150415: 515 The const qualifier has been removed from iconv(3) to comply with 516 POSIX. The ports tree is aware of this from r384038 onwards. 517 51820150416: 519 Libraries specified by LIBADD in Makefiles must have a corresponding 520 DPADD_<lib> variable to ensure correct dependencies. This is now 521 enforced in src.libnames.mk. 522 52320150324: 524 From legacy ata(4) driver was removed support for SATA controllers 525 supported by more functional drivers ahci(4), siis(4) and mvs(4). 526 Kernel modules ataahci and ataadaptec were removed completely, 527 replaced by ahci and mvs modules respectively. 528 52920150315: 530 Clang, llvm and lldb have been upgraded to 3.6.0 release. Please see 531 the 20141231 entry below for information about prerequisites and 532 upgrading, if you are not already using 3.5.0 or higher. 533 53420150307: 535 The 32-bit PowerPC kernel has been changed to a position-independent 536 executable. This can only be booted with a version of loader(8) 537 newer than January 31, 2015, so make sure to update both world and 538 kernel before rebooting. 539 54020150217: 541 If you are running a -CURRENT kernel since r273872 (Oct 30th, 2014), 542 but before r278950, the RNG was not seeded properly. Immediately 543 upgrade the kernel to r278950 or later and regenerate any keys (e.g. 544 ssh keys or openssl keys) that were generated w/ a kernel from that 545 range. This does not affect programs that directly used /dev/random 546 or /dev/urandom. All userland uses of arc4random(3) are affected. 547 54820150210: 549 The autofs(4) ABI was changed in order to restore binary compatibility 550 with 10.1-RELEASE. The automountd(8) daemon needs to be rebuilt to work 551 with the new kernel. 552 55320150131: 554 The powerpc64 kernel has been changed to a position-independent 555 executable. This can only be booted with a new version of loader(8), 556 so make sure to update both world and kernel before rebooting. 557 55820150118: 559 Clang and llvm have been upgraded to 3.5.1 release. This is a bugfix 560 only release, no new features have been added. Please see the 20141231 561 entry below for information about prerequisites and upgrading, if you 562 are not already using 3.5.0. 563 56420150107: 565 ELF tools addr2line, elfcopy (strip), nm, size, and strings are now 566 taken from the ELF Tool Chain project rather than GNU binutils. They 567 should be drop-in replacements, with the addition of arm64 support. 568 The WITHOUT_ELFTOOLCHAIN_TOOLS= knob may be used to obtain the 569 binutils tools, if necessary. See 20150805 for updated information. 570 57120150105: 572 The default Unbound configuration now enables remote control 573 using a local socket. Users who have already enabled the 574 local_unbound service should regenerate their configuration 575 by running "service local_unbound setup" as root. 576 57720150102: 578 The GNU texinfo and GNU info pages have been removed. 579 To be able to view GNU info pages please install texinfo from ports. 580 58120141231: 582 Clang, llvm and lldb have been upgraded to 3.5.0 release. 583 584 As of this release, a prerequisite for building clang, llvm and lldb is 585 a C++11 capable compiler and C++11 standard library. This means that to 586 be able to successfully build the cross-tools stage of buildworld, with 587 clang as the bootstrap compiler, your system compiler or cross compiler 588 should either be clang 3.3 or later, or gcc 4.8 or later, and your 589 system C++ library should be libc++, or libdstdc++ from gcc 4.8 or 590 later. 591 592 On any standard FreeBSD 10.x or 11.x installation, where clang and 593 libc++ are on by default (that is, on x86 or arm), this should work out 594 of the box. 595 596 On 9.x installations where clang is enabled by default, e.g. on x86 and 597 powerpc, libc++ will not be enabled by default, so libc++ should be 598 built (with clang) and installed first. If both clang and libc++ are 599 missing, build clang first, then use it to build libc++. 600 601 On 8.x and earlier installations, upgrade to 9.x first, and then follow 602 the instructions for 9.x above. 603 604 Sparc64 and mips users are unaffected, as they still use gcc 4.2.1 by 605 default, and do not build clang. 606 607 Many embedded systems are resource constrained, and will not be able to 608 build clang in a reasonable time, or in some cases at all. In those 609 cases, cross building bootable systems on amd64 is a workaround. 610 611 This new version of clang introduces a number of new warnings, of which 612 the following are most likely to appear: 613 614 -Wabsolute-value 615 616 This warns in two cases, for both C and C++: 617 * When the code is trying to take the absolute value of an unsigned 618 quantity, which is effectively a no-op, and almost never what was 619 intended. The code should be fixed, if at all possible. If you are 620 sure that the unsigned quantity can be safely cast to signed, without 621 loss of information or undefined behavior, you can add an explicit 622 cast, or disable the warning. 623 624 * When the code is trying to take an absolute value, but the called 625 abs() variant is for the wrong type, which can lead to truncation. 626 If you want to disable the warning instead of fixing the code, please 627 make sure that truncation will not occur, or it might lead to unwanted 628 side-effects. 629 630 -Wtautological-undefined-compare and 631 -Wundefined-bool-conversion 632 633 These warn when C++ code is trying to compare 'this' against NULL, while 634 'this' should never be NULL in well-defined C++ code. However, there is 635 some legacy (pre C++11) code out there, which actively abuses this 636 feature, which was less strictly defined in previous C++ versions. 637 638 Squid and openjdk do this, for example. The warning can be turned off 639 for C++98 and earlier, but compiling the code in C++11 mode might result 640 in unexpected behavior; for example, the parts of the program that are 641 unreachable could be optimized away. 642 64320141222: 644 The old NFS client and server (kernel options NFSCLIENT, NFSSERVER) 645 kernel sources have been removed. The .h files remain, since some 646 utilities include them. This will need to be fixed later. 647 If "mount -t oldnfs ..." is attempted, it will fail. 648 If the "-o" option on mountd(8), nfsd(8) or nfsstat(1) is used, 649 the utilities will report errors. 650 65120141121: 652 The handling of LOCAL_LIB_DIRS has been altered to skip addition of 653 directories to top level SUBDIR variable when their parent 654 directory is included in LOCAL_DIRS. Users with build systems with 655 such hierarchies and without SUBDIR entries in the parent 656 directory Makefiles should add them or add the directories to 657 LOCAL_DIRS. 658 65920141109: 660 faith(4) and faithd(8) have been removed from the base system. Faith 661 has been obsolete for a very long time. 662 66320141104: 664 vt(4), the new console driver, is enabled by default. It brings 665 support for Unicode and double-width characters, as well as 666 support for UEFI and integration with the KMS kernel video 667 drivers. 668 669 You may need to update your console settings in /etc/rc.conf, 670 most probably the keymap. During boot, /etc/rc.d/syscons will 671 indicate what you need to do. 672 673 vt(4) still has issues and lacks some features compared to 674 syscons(4). See the wiki for up-to-date information: 675 https://wiki.freebsd.org/Newcons 676 677 If you want to keep using syscons(4), you can do so by adding 678 the following line to /boot/loader.conf: 679 kern.vty=sc 680 68120141102: 682 pjdfstest has been integrated into kyua as an opt-in test suite. 683 Please see share/doc/pjdfstest/README for more details on how to 684 execute it. 685 68620141009: 687 gperf has been removed from the base system for architectures 688 that use clang. Ports that require gperf will obtain it from the 689 devel/gperf port. 690 69120140923: 692 pjdfstest has been moved from tools/regression/pjdfstest to 693 contrib/pjdfstest . 694 69520140922: 696 At svn r271982, The default linux compat kernel ABI has been adjusted 697 to 2.6.18 in support of the linux-c6 compat ports infrastructure 698 update. If you wish to continue using the linux-f10 compat ports, 699 add compat.linux.osrelease=2.6.16 to your local sysctl.conf. Users are 700 encouraged to update their linux-compat packages to linux-c6 during 701 their next update cycle. 702 70320140729: 704 The ofwfb driver, used to provide a graphics console on PowerPC when 705 using vt(4), no longer allows mmap() of all physical memory. This 706 will prevent Xorg on PowerPC with some ATI graphics cards from 707 initializing properly unless x11-servers/xorg-server is updated to 708 1.12.4_8 or newer. 709 71020140723: 711 The xdev targets have been converted to using TARGET and 712 TARGET_ARCH instead of XDEV and XDEV_ARCH. 713 71420140719: 715 The default unbound configuration has been modified to address 716 issues with reverse lookups on networks that use private 717 address ranges. If you use the local_unbound service, run 718 "service local_unbound setup" as root to regenerate your 719 configuration, then "service local_unbound reload" to load the 720 new configuration. 721 72220140709: 723 The GNU texinfo and GNU info pages are not built and installed 724 anymore, WITH_INFO knob has been added to allow to built and install 725 them again. 726 UPDATE: see 20150102 entry on texinfo's removal 727 72820140708: 729 The GNU readline library is now an INTERNALLIB - that is, it is 730 statically linked into consumers (GDB and variants) in the base 731 system, and the shared library is no longer installed. The 732 devel/readline port is available for third party software that 733 requires readline. 734 73520140702: 736 The Itanium architecture (ia64) has been removed from the list of 737 known architectures. This is the first step in the removal of the 738 architecture. 739 74020140701: 741 Commit r268115 has added NFSv4.1 server support, merged from 742 projects/nfsv4.1-server. Since this includes changes to the 743 internal interfaces between the NFS related modules, a full 744 build of the kernel and modules will be necessary. 745 __FreeBSD_version has been bumped. 746 74720140629: 748 The WITHOUT_VT_SUPPORT kernel config knob has been renamed 749 WITHOUT_VT. (The other _SUPPORT knobs have a consistent meaning 750 which differs from the behaviour controlled by this knob.) 751 75220140619: 753 Maximal length of the serial number in CTL was increased from 16 to 754 64 chars, that breaks ABI. All CTL-related tools, such as ctladm 755 and ctld, need to be rebuilt to work with a new kernel. 756 75720140606: 758 The libatf-c and libatf-c++ major versions were downgraded to 0 and 759 1 respectively to match the upstream numbers. They were out of 760 sync because, when they were originally added to FreeBSD, the 761 upstream versions were not respected. These libraries are private 762 and not yet built by default, so renumbering them should be a 763 non-issue. However, unclean source trees will yield broken test 764 programs once the operator executes "make delete-old-libs" after a 765 "make installworld". 766 767 Additionally, the atf-sh binary was made private by moving it into 768 /usr/libexec/. Already-built shell test programs will keep the 769 path to the old binary so they will break after "make delete-old" 770 is run. 771 772 If you are using WITH_TESTS=yes (not the default), wipe the object 773 tree and rebuild from scratch to prevent spurious test failures. 774 This is only needed once: the misnumbered libraries and misplaced 775 binaries have been added to OptionalObsoleteFiles.inc so they will 776 be removed during a clean upgrade. 777 77820140512: 779 Clang and llvm have been upgraded to 3.4.1 release. 780 78120140508: 782 We bogusly installed src.opts.mk in /usr/share/mk. This file should 783 be removed to avoid issues in the future (and has been added to 784 ObsoleteFiles.inc). 785 78620140505: 787 /etc/src.conf now affects only builds of the FreeBSD src tree. In the 788 past, it affected all builds that used the bsd.*.mk files. The old 789 behavior was a bug, but people may have relied upon it. To get this 790 behavior back, you can .include /etc/src.conf from /etc/make.conf 791 (which is still global and isn't changed). This also changes the 792 behavior of incremental builds inside the tree of individual 793 directories. Set MAKESYSPATH to ".../share/mk" to do that. 794 Although this has survived make universe and some upgrade scenarios, 795 other upgrade scenarios may have broken. At least one form of 796 temporary breakage was fixed with MAKESYSPATH settings for buildworld 797 as well... In cases where MAKESYSPATH isn't working with this 798 setting, you'll need to set it to the full path to your tree. 799 800 One side effect of all this cleaning up is that bsd.compiler.mk 801 is no longer implicitly included by bsd.own.mk. If you wish to 802 use COMPILER_TYPE, you must now explicitly include bsd.compiler.mk 803 as well. 804 80520140430: 806 The lindev device has been removed since /dev/full has been made a 807 standard device. __FreeBSD_version has been bumped. 808 80920140424: 810 The knob WITHOUT_VI was added to the base system, which controls 811 building ex(1), vi(1), etc. Older releases of FreeBSD required ex(1) 812 in order to reorder files share/termcap and didn't build ex(1) as a 813 build tool, so building/installing with WITH_VI is highly advised for 814 build hosts for older releases. 815 816 This issue has been fixed in stable/9 and stable/10 in r277022 and 817 r276991, respectively. 818 81920140418: 820 The YES_HESIOD knob has been removed. It has been obsolete for 821 a decade. Please move to using WITH_HESIOD instead or your builds 822 will silently lack HESIOD. 823 82420140405: 825 The uart(4) driver has been changed with respect to its handling 826 of the low-level console. Previously the uart(4) driver prevented 827 any process from changing the baudrate or the CLOCAL and HUPCL 828 control flags. By removing the restrictions, operators can make 829 changes to the serial console port without having to reboot. 830 However, when getty(8) is started on the serial device that is 831 associated with the low-level console, a misconfigured terminal 832 line in /etc/ttys will now have a real impact. 833 Before upgrading the kernel, make sure that /etc/ttys has the 834 serial console device configured as 3wire without baudrate to 835 preserve the previous behaviour. E.g: 836 ttyu0 "/usr/libexec/getty 3wire" vt100 on secure 837 83820140306: 839 Support for libwrap (TCP wrappers) in rpcbind was disabled by default 840 to improve performance. To re-enable it, if needed, run rpcbind 841 with command line option -W. 842 84320140226: 844 Switched back to the GPL dtc compiler due to updates in the upstream 845 dts files not being supported by the BSDL dtc compiler. You will need 846 to rebuild your kernel toolchain to pick up the new compiler. Core dumps 847 may result while building dtb files during a kernel build if you fail 848 to do so. Set WITHOUT_GPL_DTC if you require the BSDL compiler. 849 85020140216: 851 Clang and llvm have been upgraded to 3.4 release. 852 85320140216: 854 The nve(4) driver has been removed. Please use the nfe(4) driver 855 for NVIDIA nForce MCP Ethernet adapters instead. 856 85720140212: 858 An ABI incompatibility crept into the libc++ 3.4 import in r261283. 859 This could cause certain C++ applications using shared libraries built 860 against the previous version of libc++ to crash. The incompatibility 861 has now been fixed, but any C++ applications or shared libraries built 862 between r261283 and r261801 should be recompiled. 863 86420140204: 865 OpenSSH will now ignore errors caused by kernel lacking of Capsicum 866 capability mode support. Please note that enabling the feature in 867 kernel is still highly recommended. 868 86920140131: 870 OpenSSH is now built with sandbox support, and will use sandbox as 871 the default privilege separation method. This requires Capsicum 872 capability mode support in kernel. 873 87420140128: 875 The libelf and libdwarf libraries have been updated to newer 876 versions from upstream. Shared library version numbers for 877 these two libraries were bumped. Any ports or binaries 878 requiring these two libraries should be recompiled. 879 __FreeBSD_version is bumped to 1100006. 880 88120140110: 882 If a Makefile in a tests/ directory was auto-generating a Kyuafile 883 instead of providing an explicit one, this would prevent such 884 Makefile from providing its own Kyuafile in the future during 885 NO_CLEAN builds. This has been fixed in the Makefiles but manual 886 intervention is needed to clean an objdir if you use NO_CLEAN: 887 # find /usr/obj -name Kyuafile | xargs rm -f 888 88920131213: 890 The behavior of gss_pseudo_random() for the krb5 mechanism 891 has changed, for applications requesting a longer random string 892 than produced by the underlying enctype's pseudo-random() function. 893 In particular, the random string produced from a session key of 894 enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will 895 be different at the 17th octet and later, after this change. 896 The counter used in the PRF+ construction is now encoded as a 897 big-endian integer in accordance with RFC 4402. 898 __FreeBSD_version is bumped to 1100004. 899 90020131108: 901 The WITHOUT_ATF build knob has been removed and its functionality 902 has been subsumed into the more generic WITHOUT_TESTS. If you were 903 using the former to disable the build of the ATF libraries, you 904 should change your settings to use the latter. 905 90620131025: 907 The default version of mtree is nmtree which is obtained from 908 NetBSD. The output is generally the same, but may vary 909 slightly. If you found you need identical output adding 910 "-F freebsd9" to the command line should do the trick. For the 911 time being, the old mtree is available as fmtree. 912 91320131014: 914 libbsdyml has been renamed to libyaml and moved to /usr/lib/private. 915 This will break ports-mgmt/pkg. Rebuild the port, or upgrade to pkg 916 1.1.4_8 and verify bsdyml not linked in, before running "make 917 delete-old-libs": 918 # make -C /usr/ports/ports-mgmt/pkg build deinstall install clean 919 or 920 # pkg install pkg; ldd /usr/local/sbin/pkg | grep bsdyml 921 92220131010: 923 The stable/10 branch has been created in subversion from head 924 revision r256279. 925 92620131010: 927 The rc.d/jail script has been updated to support jail(8) 928 configuration file. The "jail_<jname>_*" rc.conf(5) variables 929 for per-jail configuration are automatically converted to 930 /var/run/jail.<jname>.conf before the jail(8) utility is invoked. 931 This is transparently backward compatible. See below about some 932 incompatibilities and rc.conf(5) manual page for more details. 933 934 These variables are now deprecated in favor of jail(8) configuration 935 file. One can use "rc.d/jail config <jname>" command to generate 936 a jail(8) configuration file in /var/run/jail.<jname>.conf without 937 running the jail(8) utility. The default pathname of the 938 configuration file is /etc/jail.conf and can be specified by 939 using $jail_conf or $jail_<jname>_conf variables. 940 941 Please note that jail_devfs_ruleset accepts an integer at 942 this moment. Please consider to rewrite the ruleset name 943 with an integer. 944 94520130930: 946 BIND has been removed from the base system. If all you need 947 is a local resolver, simply enable and start the local_unbound 948 service instead. Otherwise, several versions of BIND are 949 available in the ports tree. The dns/bind99 port is one example. 950 951 With this change, nslookup(1) and dig(1) are no longer in the base 952 system. Users should instead use host(1) and drill(1) which are 953 in the base system. Alternatively, nslookup and dig can 954 be obtained by installing the dns/bind-tools port. 955 95620130916: 957 With the addition of unbound(8), a new unbound user is now 958 required during installworld. "mergemaster -p" can be used to 959 add the user prior to installworld, as documented in the handbook. 960 96120130911: 962 OpenSSH is now built with DNSSEC support, and will by default 963 silently trust signed SSHFP records. This can be controlled with 964 the VerifyHostKeyDNS client configuration setting. DNSSEC support 965 can be disabled entirely with the WITHOUT_LDNS option in src.conf. 966 96720130906: 968 The GNU Compiler Collection and C++ standard library (libstdc++) 969 are no longer built by default on platforms where clang is the system 970 compiler. You can enable them with the WITH_GCC and WITH_GNUCXX 971 options in src.conf. 972 97320130905: 974 The PROCDESC kernel option is now part of the GENERIC kernel 975 configuration and is required for the rwhod(8) to work. 976 If you are using custom kernel configuration, you should include 977 'options PROCDESC'. 978 97920130905: 980 The API and ABI related to the Capsicum framework was modified 981 in backward incompatible way. The userland libraries and programs 982 have to be recompiled to work with the new kernel. This includes the 983 following libraries and programs, but the whole buildworld is 984 advised: libc, libprocstat, dhclient, tcpdump, hastd, hastctl, 985 kdump, procstat, rwho, rwhod, uniq. 986 98720130903: 988 AES-NI intrinsic support has been added to gcc. The AES-NI module 989 has been updated to use this support. A new gcc is required to build 990 the aesni module on both i386 and amd64. 991 99220130821: 993 The PADLOCK_RNG and RDRAND_RNG kernel options are now devices. 994 Thus "device padlock_rng" and "device rdrand_rng" should be 995 used instead of "options PADLOCK_RNG" & "options RDRAND_RNG". 996 99720130813: 998 WITH_ICONV has been split into two feature sets. WITH_ICONV now 999 enables just the iconv* functionality and is now on by default. 1000 WITH_LIBICONV_COMPAT enables the libiconv api and link time 1001 compatibility. Set WITHOUT_ICONV to build the old way. 1002 If you have been using WITH_ICONV before, you will very likely 1003 need to turn on WITH_LIBICONV_COMPAT. 1004 100520130806: 1006 INVARIANTS option now enables DEBUG for code with OpenSolaris and 1007 Illumos origin, including ZFS. If you have INVARIANTS in your 1008 kernel configuration, then there is no need to set DEBUG or ZFS_DEBUG 1009 explicitly. 1010 DEBUG used to enable witness(9) tracking of OpenSolaris (mostly ZFS) 1011 locks if WITNESS option was set. Because that generated a lot of 1012 witness(9) reports and all of them were believed to be false 1013 positives, this is no longer done. New option OPENSOLARIS_WITNESS 1014 can be used to achieve the previous behavior. 1015 101620130806: 1017 Timer values in IPv6 data structures now use time_uptime instead 1018 of time_second. Although this is not a user-visible functional 1019 change, userland utilities which directly use them---ndp(8), 1020 rtadvd(8), and rtsold(8) in the base system---need to be updated 1021 to r253970 or later. 1022 102320130802: 1024 find -delete can now delete the pathnames given as arguments, 1025 instead of only files found below them or if the pathname did 1026 not contain any slashes. Formerly, the following error message 1027 would result: 1028 1029 find: -delete: <path>: relative path potentially not safe 1030 1031 Deleting the pathnames given as arguments can be prevented 1032 without error messages using -mindepth 1 or by changing 1033 directory and passing "." as argument to find. This works in the 1034 old as well as the new version of find. 1035 103620130726: 1037 Behavior of devfs rules path matching has been changed. 1038 Pattern is now always matched against fully qualified devfs 1039 path and slash characters must be explicitly matched by 1040 slashes in pattern (FNM_PATHNAME). Rulesets involving devfs 1041 subdirectories must be reviewed. 1042 104320130716: 1044 The default ARM ABI has changed to the ARM EABI. The old ABI is 1045 incompatible with the ARM EABI and all programs and modules will 1046 need to be rebuilt to work with a new kernel. 1047 1048 To keep using the old ABI ensure the WITHOUT_ARM_EABI knob is set. 1049 1050 NOTE: Support for the old ABI will be removed in the future and 1051 users are advised to upgrade. 1052 105320130709: 1054 pkg_install has been disconnected from the build if you really need it 1055 you should add WITH_PKGTOOLS in your src.conf(5). 1056 105720130709: 1058 Most of network statistics structures were changed to be able 1059 keep 64-bits counters. Thus all tools, that work with networking 1060 statistics, must be rebuilt (netstat(1), bsnmpd(1), etc.) 1061 106220130618: 1063 Fix a bug that allowed a tracing process (e.g. gdb) to write 1064 to a memory-mapped file in the traced process's address space 1065 even if neither the traced process nor the tracing process had 1066 write access to that file. 1067 106820130615: 1069 CVS has been removed from the base system. An exact copy 1070 of the code is available from the devel/cvs port. 1071 107220130613: 1073 Some people report the following error after the switch to bmake: 1074 1075 make: illegal option -- J 1076 usage: make [-BPSXeiknpqrstv] [-C directory] [-D variable] 1077 ... 1078 *** [buildworld] Error code 2 1079 1080 this likely due to an old instance of make in 1081 ${MAKEPATH} (${MAKEOBJDIRPREFIX}${.CURDIR}/make.${MACHINE}) 1082 which src/Makefile will use that blindly, if it exists, so if 1083 you see the above error: 1084 1085 rm -rf `make -V MAKEPATH` 1086 1087 should resolve it. 1088 108920130516: 1090 Use bmake by default. 1091 Whereas before one could choose to build with bmake via 1092 -DWITH_BMAKE one must now use -DWITHOUT_BMAKE to use the old 1093 make. The goal is to remove these knobs for 10-RELEASE. 1094 1095 It is worth noting that bmake (like gmake) treats the command 1096 line as the unit of failure, rather than statements within the 1097 command line. Thus '(cd some/where && dosomething)' is safer 1098 than 'cd some/where; dosomething'. The '()' allows consistent 1099 behavior in parallel build. 1100 110120130429: 1102 Fix a bug that allows NFS clients to issue READDIR on files. 1103 110420130426: 1105 The WITHOUT_IDEA option has been removed because 1106 the IDEA patent expired. 1107 110820130426: 1109 The sysctl which controls TRIM support under ZFS has been renamed 1110 from vfs.zfs.trim_disable -> vfs.zfs.trim.enabled and has been 1111 enabled by default. 1112 111320130425: 1114 The mergemaster command now uses the default MAKEOBJDIRPREFIX 1115 rather than creating it's own in the temporary directory in 1116 order allow access to bootstrapped versions of tools such as 1117 install and mtree. When upgrading from version of FreeBSD where 1118 the install command does not support -l, you will need to 1119 install a new mergemaster command if mergemaster -p is required. 1120 This can be accomplished with the command (cd src/usr.sbin/mergemaster 1121 && make install). 1122 112320130404: 1124 Legacy ATA stack, disabled and replaced by new CAM-based one since 1125 FreeBSD 9.0, completely removed from the sources. Kernel modules 1126 atadisk and atapi*, user-level tools atacontrol and burncd are 1127 removed. Kernel option `options ATA_CAM` is now permanently enabled 1128 and removed. 1129 113020130319: 1131 SOCK_CLOEXEC and SOCK_NONBLOCK flags have been added to socket(2) 1132 and socketpair(2). Software, in particular Kerberos, may 1133 automatically detect and use these during building. The resulting 1134 binaries will not work on older kernels. 1135 113620130308: 1137 CTL_DISABLE has also been added to the sparc64 GENERIC (for further 1138 information, see the respective 20130304 entry). 1139 114020130304: 1141 Recent commits to callout(9) changed the size of struct callout, 1142 so the KBI is probably heavily disturbed. Also, some functions 1143 in callout(9)/sleep(9)/sleepqueue(9)/condvar(9) KPIs were replaced 1144 by macros. Every kernel module using it won't load, so rebuild 1145 is requested. 1146 1147 The ctl device has been re-enabled in GENERIC for i386 and amd64, 1148 but does not initialize by default (because of the new CTL_DISABLE 1149 option) to save memory. To re-enable it, remove the CTL_DISABLE 1150 option from the kernel config file or set kern.cam.ctl.disable=0 1151 in /boot/loader.conf. 1152 115320130301: 1154 The ctl device has been disabled in GENERIC for i386 and amd64. 1155 This was done due to the extra memory being allocated at system 1156 initialisation time by the ctl driver which was only used if 1157 a CAM target device was created. This makes a FreeBSD system 1158 unusable on 128MB or less of RAM. 1159 116020130208: 1161 A new compression method (lz4) has been merged to -HEAD. Please 1162 refer to zpool-features(7) for more information. 1163 1164 Please refer to the "ZFS notes" section of this file for information 1165 on upgrading boot ZFS pools. 1166 116720130129: 1168 A BSD-licensed patch(1) variant has been added and is installed 1169 as bsdpatch, being the GNU version the default patch. 1170 To inverse the logic and use the BSD-licensed one as default, 1171 while having the GNU version installed as gnupatch, rebuild 1172 and install world with the WITH_BSD_PATCH knob set. 1173 117420130121: 1175 Due to the use of the new -l option to install(1) during build 1176 and install, you must take care not to directly set the INSTALL 1177 make variable in your /etc/make.conf, /etc/src.conf, or on the 1178 command line. If you wish to use the -C flag for all installs 1179 you may be able to add INSTALL+=-C to /etc/make.conf or 1180 /etc/src.conf. 1181 118220130118: 1183 The install(1) option -M has changed meaning and now takes an 1184 argument that is a file or path to append logs to. In the 1185 unlikely event that -M was the last option on the command line 1186 and the command line contained at least two files and a target 1187 directory the first file will have logs appended to it. The -M 1188 option served little practical purpose in the last decade so its 1189 use is expected to be extremely rare. 1190 119120121223: 1192 After switching to Clang as the default compiler some users of ZFS 1193 on i386 systems started to experience stack overflow kernel panics. 1194 Please consider using 'options KSTACK_PAGES=4' in such configurations. 1195 119620121222: 1197 GEOM_LABEL now mangles label names read from file system metadata. 1198 Mangling affect labels containing spaces, non-printable characters, 1199 '%' or '"'. Device names in /etc/fstab and other places may need to 1200 be updated. 1201 120220121217: 1203 By default, only the 10 most recent kernel dumps will be saved. To 1204 restore the previous behaviour (no limit on the number of kernel dumps 1205 stored in the dump directory) add the following line to /etc/rc.conf: 1206 1207 savecore_flags="" 1208 120920121201: 1210 With the addition of auditdistd(8), a new auditdistd user is now 1211 required during installworld. "mergemaster -p" can be used to 1212 add the user prior to installworld, as documented in the handbook. 1213 121420121117: 1215 The sin6_scope_id member variable in struct sockaddr_in6 is now 1216 filled by the kernel before passing the structure to the userland via 1217 sysctl or routing socket. This means the KAME-specific embedded scope 1218 id in sin6_addr.s6_addr[2] is always cleared in userland application. 1219 This behavior can be controlled by net.inet6.ip6.deembed_scopeid. 1220 __FreeBSD_version is bumped to 1000025. 1221 122220121105: 1223 On i386 and amd64 systems WITH_CLANG_IS_CC is now the default. 1224 This means that the world and kernel will be compiled with clang 1225 and that clang will be installed as /usr/bin/cc, /usr/bin/c++, 1226 and /usr/bin/cpp. To disable this behavior and revert to building 1227 with gcc, compile with WITHOUT_CLANG_IS_CC. Really old versions 1228 of current may need to bootstrap WITHOUT_CLANG first if the clang 1229 build fails (its compatibility window doesn't extend to the 9 stable 1230 branch point). 1231 123220121102: 1233 The IPFIREWALL_FORWARD kernel option has been removed. Its 1234 functionality now turned on by default. 1235 123620121023: 1237 The ZERO_COPY_SOCKET kernel option has been removed and 1238 split into SOCKET_SEND_COW and SOCKET_RECV_PFLIP. 1239 NB: SOCKET_SEND_COW uses the VM page based copy-on-write 1240 mechanism which is not safe and may result in kernel crashes. 1241 NB: The SOCKET_RECV_PFLIP mechanism is useless as no current 1242 driver supports disposeable external page sized mbuf storage. 1243 Proper replacements for both zero-copy mechanisms are under 1244 consideration and will eventually lead to complete removal 1245 of the two kernel options. 1246 124720121023: 1248 The IPv4 network stack has been converted to network byte 1249 order. The following modules need to be recompiled together 1250 with kernel: carp(4), divert(4), gif(4), siftr(4), gre(4), 1251 pf(4), ipfw(4), ng_ipfw(4), stf(4). 1252 125320121022: 1254 Support for non-MPSAFE filesystems was removed from VFS. The 1255 VFS_VERSION was bumped, all filesystem modules shall be 1256 recompiled. 1257 125820121018: 1259 All the non-MPSAFE filesystems have been disconnected from 1260 the build. The full list includes: codafs, hpfs, ntfs, nwfs, 1261 portalfs, smbfs, xfs. 1262 126320121016: 1264 The interface cloning API and ABI has changed. The following 1265 modules need to be recompiled together with kernel: 1266 ipfw(4), pfsync(4), pflog(4), usb(4), wlan(4), stf(4), 1267 vlan(4), disc(4), edsc(4), if_bridge(4), gif(4), tap(4), 1268 faith(4), epair(4), enc(4), tun(4), if_lagg(4), gre(4). 1269 127020121015: 1271 The sdhci driver was split in two parts: sdhci (generic SD Host 1272 Controller logic) and sdhci_pci (actual hardware driver). 1273 No kernel config modifications are required, but if you 1274 load sdhc as a module you must switch to sdhci_pci instead. 1275 127620121014: 1277 Import the FUSE kernel and userland support into base system. 1278 127920121013: 1280 The GNU sort(1) program has been removed since the BSD-licensed 1281 sort(1) has been the default for quite some time and no serious 1282 problems have been reported. The corresponding WITH_GNU_SORT 1283 knob has also gone. 1284 128520121006: 1286 The pfil(9) API/ABI for AF_INET family has been changed. Packet 1287 filtering modules: pf(4), ipfw(4), ipfilter(4) need to be recompiled 1288 with new kernel. 1289 129020121001: 1291 The net80211(4) ABI has been changed to allow for improved driver 1292 PS-POLL and power-save support. All wireless drivers need to be 1293 recompiled to work with the new kernel. 1294 129520120913: 1296 The random(4) support for the VIA hardware random number 1297 generator (`PADLOCK') is no longer enabled unconditionally. 1298 Add the padlock_rng device in the custom kernel config if 1299 needed. The GENERIC kernels on i386 and amd64 do include the 1300 device, so the change only affects the custom kernel 1301 configurations. 1302 130320120908: 1304 The pf(4) packet filter ABI has been changed. pfctl(8) and 1305 snmp_pf module need to be recompiled to work with new kernel. 1306 130720120828: 1308 A new ZFS feature flag "com.delphix:empty_bpobj" has been merged 1309 to -HEAD. Pools that have empty_bpobj in active state can not be 1310 imported read-write with ZFS implementations that do not support 1311 this feature. For more information read the zpool-features(5) 1312 manual page. 1313 131420120727: 1315 The sparc64 ZFS loader has been changed to no longer try to auto- 1316 detect ZFS providers based on diskN aliases but now requires these 1317 to be explicitly listed in the OFW boot-device environment variable. 1318 131920120712: 1320 The OpenSSL has been upgraded to 1.0.1c. Any binaries requiring 1321 libcrypto.so.6 or libssl.so.6 must be recompiled. Also, there are 1322 configuration changes. Make sure to merge /etc/ssl/openssl.cnf. 1323 132420120712: 1325 The following sysctls and tunables have been renamed for consistency 1326 with other variables: 1327 kern.cam.da.da_send_ordered -> kern.cam.da.send_ordered 1328 kern.cam.ada.ada_send_ordered -> kern.cam.ada.send_ordered 1329 133020120628: 1331 The sort utility has been replaced with BSD sort. For now, GNU sort 1332 is also available as "gnusort" or the default can be set back to 1333 GNU sort by setting WITH_GNU_SORT. In this case, BSD sort will be 1334 installed as "bsdsort". 1335 133620120611: 1337 A new version of ZFS (pool version 5000) has been merged to -HEAD. 1338 Starting with this version the old system of ZFS pool versioning 1339 is superseded by "feature flags". This concept enables forward 1340 compatibility against certain future changes in functionality of ZFS 1341 pools. The first read-only compatible "feature flag" for ZFS pools 1342 is named "com.delphix:async_destroy". For more information 1343 read the new zpool-features(5) manual page. 1344 Please refer to the "ZFS notes" section of this file for information 1345 on upgrading boot ZFS pools. 1346 134720120417: 1348 The malloc(3) implementation embedded in libc now uses sources imported 1349 as contrib/jemalloc. The most disruptive API change is to 1350 /etc/malloc.conf. If your system has an old-style /etc/malloc.conf, 1351 delete it prior to installworld, and optionally re-create it using the 1352 new format after rebooting. See malloc.conf(5) for details 1353 (specifically the TUNING section and the "opt.*" entries in the MALLCTL 1354 NAMESPACE section). 1355 135620120328: 1357 Big-endian MIPS TARGET_ARCH values no longer end in "eb". mips64eb 1358 is now spelled mips64. mipsn32eb is now spelled mipsn32. mipseb is 1359 now spelled mips. This is to aid compatibility with third-party 1360 software that expects this naming scheme in uname(3). Little-endian 1361 settings are unchanged. If you are updating a big-endian mips64 machine 1362 from before this change, you may need to set MACHINE_ARCH=mips64 in 1363 your environment before the new build system will recognize your machine. 1364 136520120306: 1366 Disable by default the option VFS_ALLOW_NONMPSAFE for all supported 1367 platforms. 1368 136920120229: 1370 Now unix domain sockets behave "as expected" on nullfs(5). Previously 1371 nullfs(5) did not pass through all behaviours to the underlying layer, 1372 as a result if we bound to a socket on the lower layer we could connect 1373 only to the lower path; if we bound to the upper layer we could connect 1374 only to the upper path. The new behavior is one can connect to both the 1375 lower and the upper paths regardless what layer path one binds to. 1376 137720120211: 1378 The getifaddrs upgrade path broken with 20111215 has been restored. 1379 If you have upgraded in between 20111215 and 20120209 you need to 1380 recompile libc again with your kernel. You still need to recompile 1381 world to be able to configure CARP but this restriction already 1382 comes from 20111215. 1383 138420120114: 1385 The set_rcvar() function has been removed from /etc/rc.subr. All 1386 base and ports rc.d scripts have been updated, so if you have a 1387 port installed with a script in /usr/local/etc/rc.d you can either 1388 hand-edit the rcvar= line, or reinstall the port. 1389 1390 An easy way to handle the mass-update of /etc/rc.d: 1391 rm /etc/rc.d/* && mergemaster -i 1392 139320120109: 1394 panic(9) now stops other CPUs in the SMP systems, disables interrupts 1395 on the current CPU and prevents other threads from running. 1396 This behavior can be reverted using the kern.stop_scheduler_on_panic 1397 tunable/sysctl. 1398 The new behavior can be incompatible with kern.sync_on_panic. 1399 140020111215: 1401 The carp(4) facility has been changed significantly. Configuration 1402 of the CARP protocol via ifconfig(8) has changed, as well as format 1403 of CARP events submitted to devd(8) has changed. See manual pages 1404 for more information. The arpbalance feature of carp(4) is currently 1405 not supported anymore. 1406 1407 Size of struct in_aliasreq, struct in6_aliasreq has changed. User 1408 utilities using SIOCAIFADDR, SIOCAIFADDR_IN6, e.g. ifconfig(8), 1409 need to be recompiled. 1410 141120111122: 1412 The acpi_wmi(4) status device /dev/wmistat has been renamed to 1413 /dev/wmistat0. 1414 141520111108: 1416 The option VFS_ALLOW_NONMPSAFE option has been added in order to 1417 explicitely support non-MPSAFE filesystems. 1418 It is on by default for all supported platform at this present 1419 time. 1420 142120111101: 1422 The broken amd(4) driver has been replaced with esp(4) in the amd64, 1423 i386 and pc98 GENERIC kernel configuration files. 1424 142520110930: 1426 sysinstall has been removed 1427 142820110923: 1429 The stable/9 branch created in subversion. This corresponds to the 1430 RELENG_9 branch in CVS. 1431 1432COMMON ITEMS: 1433 1434 General Notes 1435 ------------- 1436 Avoid using make -j when upgrading. While generally safe, there are 1437 sometimes problems using -j to upgrade. If your upgrade fails with 1438 -j, please try again without -j. From time to time in the past there 1439 have been problems using -j with buildworld and/or installworld. This 1440 is especially true when upgrading between "distant" versions (eg one 1441 that cross a major release boundary or several minor releases, or when 1442 several months have passed on the -current branch). 1443 1444 Sometimes, obscure build problems are the result of environment 1445 poisoning. This can happen because the make utility reads its 1446 environment when searching for values for global variables. To run 1447 your build attempts in an "environmental clean room", prefix all make 1448 commands with 'env -i '. See the env(1) manual page for more details. 1449 1450 When upgrading from one major version to another it is generally best 1451 to upgrade to the latest code in the currently installed branch first, 1452 then do an upgrade to the new branch. This is the best-tested upgrade 1453 path, and has the highest probability of being successful. Please try 1454 this approach before reporting problems with a major version upgrade. 1455 1456 When upgrading a live system, having a root shell around before 1457 installing anything can help undo problems. Not having a root shell 1458 around can lead to problems if pam has changed too much from your 1459 starting point to allow continued authentication after the upgrade. 1460 1461 This file should be read as a log of events. When a later event changes 1462 information of a prior event, the prior event should not be deleted. 1463 Instead, a pointer to the entry with the new information should be 1464 placed in the old entry. Readers of this file should also sanity check 1465 older entries before relying on them blindly. Authors of new entries 1466 should write them with this in mind. 1467 1468 ZFS notes 1469 --------- 1470 When upgrading the boot ZFS pool to a new version, always follow 1471 these two steps: 1472 1473 1.) recompile and reinstall the ZFS boot loader and boot block 1474 (this is part of "make buildworld" and "make installworld") 1475 1476 2.) update the ZFS boot block on your boot drive 1477 1478 The following example updates the ZFS boot block on the first 1479 partition (freebsd-boot) of a GPT partitioned drive ada0: 1480 "gpart bootcode -p /boot/gptzfsboot -i 1 ada0" 1481 1482 Non-boot pools do not need these updates. 1483 1484 To build a kernel 1485 ----------------- 1486 If you are updating from a prior version of FreeBSD (even one just 1487 a few days old), you should follow this procedure. It is the most 1488 failsafe as it uses a /usr/obj tree with a fresh mini-buildworld, 1489 1490 make kernel-toolchain 1491 make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE 1492 make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE 1493 1494 To test a kernel once 1495 --------------------- 1496 If you just want to boot a kernel once (because you are not sure 1497 if it works, or if you want to boot a known bad kernel to provide 1498 debugging information) run 1499 make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel 1500 nextboot -k testkernel 1501 1502 To just build a kernel when you know that it won't mess you up 1503 -------------------------------------------------------------- 1504 This assumes you are already running a CURRENT system. Replace 1505 ${arch} with the architecture of your machine (e.g. "i386", 1506 "arm", "amd64", "ia64", "pc98", "sparc64", "powerpc", "mips", etc). 1507 1508 cd src/sys/${arch}/conf 1509 config KERNEL_NAME_HERE 1510 cd ../compile/KERNEL_NAME_HERE 1511 make depend 1512 make 1513 make install 1514 1515 If this fails, go to the "To build a kernel" section. 1516 1517 To rebuild everything and install it on the current system. 1518 ----------------------------------------------------------- 1519 # Note: sometimes if you are running current you gotta do more than 1520 # is listed here if you are upgrading from a really old current. 1521 1522 <make sure you have good level 0 dumps> 1523 make buildworld 1524 make kernel KERNCONF=YOUR_KERNEL_HERE 1525 [1] 1526 <reboot in single user> [3] 1527 mergemaster -Fp [5] 1528 make installworld 1529 mergemaster -Fi [4] 1530 make delete-old [6] 1531 <reboot> 1532 1533 To cross-install current onto a separate partition 1534 -------------------------------------------------- 1535 # In this approach we use a separate partition to hold 1536 # current's root, 'usr', and 'var' directories. A partition 1537 # holding "/", "/usr" and "/var" should be about 2GB in 1538 # size. 1539 1540 <make sure you have good level 0 dumps> 1541 <boot into -stable> 1542 make buildworld 1543 make buildkernel KERNCONF=YOUR_KERNEL_HERE 1544 <maybe newfs current's root partition> 1545 <mount current's root partition on directory ${CURRENT_ROOT}> 1546 make installworld DESTDIR=${CURRENT_ROOT} -DDB_FROM_SRC 1547 make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd 1548 make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT} 1549 cp /etc/fstab ${CURRENT_ROOT}/etc/fstab # if newfs'd 1550 <edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition> 1551 <reboot into current> 1552 <do a "native" rebuild/install as described in the previous section> 1553 <maybe install compatibility libraries from ports/misc/compat*> 1554 <reboot> 1555 1556 1557 To upgrade in-place from stable to current 1558 ---------------------------------------------- 1559 <make sure you have good level 0 dumps> 1560 make buildworld [9] 1561 make kernel KERNCONF=YOUR_KERNEL_HERE [8] 1562 [1] 1563 <reboot in single user> [3] 1564 mergemaster -Fp [5] 1565 make installworld 1566 mergemaster -Fi [4] 1567 make delete-old [6] 1568 <reboot> 1569 1570 Make sure that you've read the UPDATING file to understand the 1571 tweaks to various things you need. At this point in the life 1572 cycle of current, things change often and you are on your own 1573 to cope. The defaults can also change, so please read ALL of 1574 the UPDATING entries. 1575 1576 Also, if you are tracking -current, you must be subscribed to 1577 freebsd-current@freebsd.org. Make sure that before you update 1578 your sources that you have read and understood all the recent 1579 messages there. If in doubt, please track -stable which has 1580 much fewer pitfalls. 1581 1582 [1] If you have third party modules, such as vmware, you 1583 should disable them at this point so they don't crash your 1584 system on reboot. 1585 1586 [3] From the bootblocks, boot -s, and then do 1587 fsck -p 1588 mount -u / 1589 mount -a 1590 cd src 1591 adjkerntz -i # if CMOS is wall time 1592 Also, when doing a major release upgrade, it is required that 1593 you boot into single user mode to do the installworld. 1594 1595 [4] Note: This step is non-optional. Failure to do this step 1596 can result in a significant reduction in the functionality of the 1597 system. Attempting to do it by hand is not recommended and those 1598 that pursue this avenue should read this file carefully, as well 1599 as the archives of freebsd-current and freebsd-hackers mailing lists 1600 for potential gotchas. The -U option is also useful to consider. 1601 See mergemaster(8) for more information. 1602 1603 [5] Usually this step is a noop. However, from time to time 1604 you may need to do this if you get unknown user in the following 1605 step. It never hurts to do it all the time. You may need to 1606 install a new mergemaster (cd src/usr.sbin/mergemaster && make 1607 install) after the buildworld before this step if you last updated 1608 from current before 20130425 or from -stable before 20130430. 1609 1610 [6] This only deletes old files and directories. Old libraries 1611 can be deleted by "make delete-old-libs", but you have to make 1612 sure that no program is using those libraries anymore. 1613 1614 [8] In order to have a kernel that can run the 4.x binaries needed to 1615 do an installworld, you must include the COMPAT_FREEBSD4 option in 1616 your kernel. Failure to do so may leave you with a system that is 1617 hard to boot to recover. A similar kernel option COMPAT_FREEBSD5 is 1618 required to run the 5.x binaries on more recent kernels. And so on 1619 for COMPAT_FREEBSD6 and COMPAT_FREEBSD7. 1620 1621 Make sure that you merge any new devices from GENERIC since the 1622 last time you updated your kernel config file. 1623 1624 [9] When checking out sources, you must include the -P flag to have 1625 cvs prune empty directories. 1626 1627 If CPUTYPE is defined in your /etc/make.conf, make sure to use the 1628 "?=" instead of the "=" assignment operator, so that buildworld can 1629 override the CPUTYPE if it needs to. 1630 1631 MAKEOBJDIRPREFIX must be defined in an environment variable, and 1632 not on the command line, or in /etc/make.conf. buildworld will 1633 warn if it is improperly defined. 1634FORMAT: 1635 1636This file contains a list, in reverse chronological order, of major 1637breakages in tracking -current. It is not guaranteed to be a complete 1638list of such breakages, and only contains entries since September 23, 2011. 1639If you need to see UPDATING entries from before that date, you will need 1640to fetch an UPDATING file from an older FreeBSD release. 1641 1642Copyright information: 1643 1644Copyright 1998-2009 M. Warner Losh. All Rights Reserved. 1645 1646Redistribution, publication, translation and use, with or without 1647modification, in full or in part, in any form or format of this 1648document are permitted without further permission from the author. 1649 1650THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR 1651IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 1652WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 1653DISCLAIMED. IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT, 1654INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 1655(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 1656SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 1657HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 1658STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 1659IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 1660POSSIBILITY OF SUCH DAMAGE. 1661 1662Contact Warner Losh if you have any questions about your use of 1663this document. 1664 1665$FreeBSD: releng/11.0/UPDATING 314125 2017-02-23 07:11:48Z delphij $ 1666