FreeBSD 10.0-RELEASE Release Notes
Abstract
The release notes for FreeBSD 10.0-RELEASE contain a summary of the changes made to the FreeBSD base system on the 10.0-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
Introduction
This document contains the release notes for FreeBSD 10.0-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.
The latest, up-to-date version of the release notes is available online at FreeBSD 10.0-RELEASE Release Notes.
This distribution of FreeBSD 10.0-RELEASE is a release distribution. It can be found at http://www.FreeBSD.org/releases/ or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the "Obtaining FreeBSD" appendix to the FreeBSD Handbook.
All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 10.0-RELEASE can be found on the FreeBSD Web site.
What’s New
This section describes the most user-visible new or changed features in FreeBSD since 9.2-RELEASE.
Typical release note items document recent security advisories issued after 9.2-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.
Security Advisories
Problems described in the following security advisories have been fixed. For more information, consult the individual advisories available from FreeBSD Security Information.
Advisory | Date | Topic |
---|---|---|
 | 19 November 2013 | OpenSSH AES-GCM memory corruption vulnerability |
 | 14 January 2014 | bsnmpd remote denial of service vulnerability |
 | 14 January 2014 | ntpd distributed reflection Denial of Service vulnerability |
 | 14 January 2014 | OpenSSL multiple vulnerabilities |
 | 14 January 2014 | BIND remote denial of service vulnerability |
Kernel Changes
Capsicum has been enabled in the kernel by default, allowing sandboxing of several programs that work within the "capabilities mode".
The use of unmapped VMIO buffers eliminates the need to perform TLB shootdown for mapping on buffer creation and reuse, greatly reducing the number of IPIs for shootdown on big-SMP machines and eliminating up to 25-30% of the system time on I/O-intensive workloads. (r248508)
Virtualization support
virtio(4) support has been added. virtio(4) is the name for the paravirtualization interface developed for the Linux KVM, but since adopted by other virtual machine hypervisors (with the notable exception of Xen). This work brings in a BSD-licensed clean-room implementation of the virtio kernel drivers for disk IO (virtio_blk(4) and virtio_scsi(4)), network IO (vtnet(4)), memory ballooning (virtio_balloon(4)), and PCI. Tested on Qemu/KVM, VirtualBox, and bhyve(4). (r227652)
hv_ata_pci_disengage_load="YES"
hv_netsvc_load="YES"
hv_utils_load="YES"
hv_vmbus_load="YES"
Alternatively, the Hyper-V drivers can be added to the i386 kernel by adding `device hyperv` to the kernel config, and then recompiling the kernel. Please refer to FreeBSD and Microsoft Windows Server Hyper-V support for full instructions on how to set up Hyper-V support under FreeBSD.
ARM support
Raspberry Pi support has been added. Refer to these setup instructions and this quick start guide. (r239922)
The default ABI on ARM is now the ARM EABI. This brings a number of improvements and allows future support for VFP and Thumb-2. (r253396)
ARM support has been greatly improved, including support for ARMv6 and ARMv7, SMP and thread-local storage (TLS). Additionally, support for some newer SoCs such as the MV78x60 and OMAP4 was added. See the announcement for further details. (r239268)
Superpages support on ARM has been added. Superpages support provides improved performance and scalability by allowing TLB translations to dynamically cover large physical memory regions. All ARMv6 and ARMv7-based platforms can take advantage of this feature. See the ARM Superpages status page for further details. (r254918)
Hardware Support
Multimedia Support
Support for version 2.0 of the USB Audio reference design has been added. New devices should support higher bandwidth, increased sampling frequency and wider dynamic range. (r240609)
Network Interface Support
The re(4) driver has been overhauled to fix a number of issues. This driver now has Wake On LAN (WOL) support.
The vr(4) driver has been overhauled to fix a number of outstanding issues. It also now works on all architectures.
[amd64,i386] The wpi(4) driver has been updated to include a number of stability fixes.
The cxgbe(4) driver has been updated to support 40G/10G Ethernet NICs based on Chelsio’s Terminator 5 (T5) ASIC. (r248925)
The iw_cxgbe driver has been added. This is an experimental iWARP/RDMA driver (kernel verbs only) for Chelsio’s T4 and T5 based cards. (r256694)
The Open Fabrics Enterprise Distribution (OFED) and OFED Infiniband core have been updated to the same version as supplied by Linux version 3.7. (r255932)
The Mellanox Infiniband driver has been updated to firmware version 2.30.3200 for ConnectX3 NICs. Support has been added for ConnectX3 VPI NICs, where each port can be used as Infiniband 56 GB/s or Ethernet 40 GB/s. Support has been added for dynamically loading kernel modules for Infiniband core (ibcore) and IP over Infiniband (ipoib). (r255932)
netmap(4) has been added. netmap(4) is a framework for high-performance direct-to-hardware packet IO, offering low latency and high PPS rates to userland applications while bypassing any kernel-side packet processing. With netmap(4) it is trivially possible to fully saturate a 10 Gbps network interface with minimal packet sizes. For more information, see: Netmap Project. (r227614)
Network Protocols
carp(4) has been rewritten to make addresses more sane from the viewpoint of routing daemons such as quagga/zebra. It also brings support for a single redundant address on the subnet (carpdev), switching state with ifconfig(8), better locking and using modern kernel interfaces to allocate multicast memberships. Configuration of the CARP protocol via ifconfig(8) has changed, as well as the format of CARP events submitted to devd(8). See carp(4) for more information. The arpbalance feature of carp(4) is currently not supported. (r228571)
The pf(4) firewall now supports fine-grain locking and better utilization on multi-CPU machines, resulting in significant improvements in performance. (r240233)
Support for up to 65536 routing tables has been introduced. (r250700)
Disks and Storage
The aac(4) driver now supports volumes larger than 2TB in size.
The hptrr(4) driver has been updated to version 1.2 from Highpoint.
nvme(4) has been added and provides NVM Express support. NVM Express is an optimized register interface, command set and feature set of PCI Express (PCIe)-based Solid-State Drives (SSDs). For more information, see nvmexpress.org. (r240616)
File Systems
A new kernel-based iSCSI target and initiator has been added. (r255570)
UFS filesystems can now be enlarged with growfs(8) while mounted read-write. This is especially useful for virtual machines, allowing the addition of more hard drive space without interruption of service. (r243246)
A state of the art FUSE implementation is now part of the base system. It allows the use of nearly all fusefs file systems. (r241519)
ZFS
bsdinstall(8) now supports installing ZFS on the root file system. It includes a single configuration menu that allows you to select all of the required details, including which drives to use, what ZFS RAID level to use (taking into consideration the selected number of drives), GPT or MBR, GELI encryption, forcing 4K sectors, pool name, etc. (r256361)
Support for L2ARC compression has been added to ZFS. (r252140)
The zio nop-write improvement from Illumos was imported into FreeBSD. To reduce I/O, nop-write skips overwriting data if the (cryptographically secure) checksum of new data matches the checksum of existing data. It also saves space if snapshots are in use. This improvement only works on datasets with enabled compression, disabled deduplication and sha256 checksums. ZFS will now compare the checksums of incoming writes to the checksum of the existing on-disk data and avoid issuing any write I/O for data that has not changed. This will reduce I/O as well as space usage because if the old block is referenced by a snapshot, both copies of the block are kept even though both contain the same data. (r243524)
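The nop-write decision described above, as a toy model added here (not ZFS or FreeBSD code): the `Dataset` class, its block-pointer map and its counters are assumptions made for illustration. It shows a rewrite of unchanged data being skipped only when the three stated conditions hold, and the extra snapshot-pinned copy that is kept otherwise.

```python
import hashlib


class Dataset:
    """Toy copy-on-write dataset (illustrative model, not ZFS code)."""

    def __init__(self, compression=True, dedup=False, checksum="sha256"):
        self.compression, self.dedup, self.checksum = compression, dedup, checksum
        self.blocks = {}       # block id -> (SHA-256 digest, data)
        self.live = {}         # offset -> block id (current block pointers)
        self.snapshots = []    # frozen copies of the block-pointer map
        self.writes_issued = 0

    def nop_write_eligible(self):
        # The three conditions named in the release note.
        return self.compression and not self.dedup and self.checksum == "sha256"

    def write(self, offset, data):
        """Return True if write I/O was issued, False if it was skipped."""
        # The model always hashes with SHA-256; `checksum` only gates eligibility.
        digest = hashlib.sha256(data).digest()
        old = self.live.get(offset)
        if (old is not None and self.nop_write_eligible()
                and self.blocks[old][0] == digest):
            # Collision resistance is what lets equal digests stand in for
            # equal data, so the existing block pointer is kept untouched.
            return False
        block_id = len(self.blocks)          # copy-on-write: always a new block
        self.blocks[block_id] = (digest, data)
        self.live[offset] = block_id
        self.writes_issued += 1
        return True

    def snapshot(self):
        self.snapshots.append(dict(self.live))

    def blocks_in_use(self):
        refs = set(self.live.values())
        for snap in self.snapshots:
            refs.update(snap.values())       # snapshots pin the old blocks
        return len(refs)


def rewrite_after_snapshot(ds):
    """Write two blocks, snapshot, then rewrite one unchanged and one changed."""
    ds.write(0, b"A" * 4096)                 # constructed sample data
    ds.write(1, b"B" * 4096)
    ds.snapshot()
    ds.write(0, b"A" * 4096)                 # same contents as before
    ds.write(1, b"C" * 4096)                 # really changed
    return ds.writes_issued, ds.blocks_in_use()


if __name__ == "__main__":
    print("eligible:  ", rewrite_after_snapshot(Dataset()))
    print("fletcher4: ", rewrite_after_snapshot(Dataset(checksum="fletcher4")))
```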
Userland Changes
On platforms where clang(1) is the default system compiler (such as i386, amd64, arm), GCC and GNU libstdc++ are no longer built by default. clang(1) and libc++ from LLVM are used on these platforms instead. GCC 4.2.1 and libstdc++ are still built and used by default on pc98 and all other platforms where clang(1) is not the default system compiler. (r255321)
clang(1) and llvm have been updated to version 3.3 release. Please refer to Clang 3.3 Release Notes. (r251662)
BIND has been removed from the base system. unbound(8), which is maintained by NLnet Labs, has been imported to support local DNS resolution functionality with DNSSEC. Note that it is not a replacement for BIND, and the latest versions of BIND are still available in the Ports Collection. With this change, nslookup and dig are no longer a part of the base system. Users should instead use host(1) and drill(1). Alternatively, nslookup and dig can be obtained by installing the dns/bind-tools port. (r255949)
sysinstall has been removed from the base system. Auxiliary libraries and tools used by sysinstall such as libdisk, libftpio, and sade have also been removed. sysinstall has been replaced by bsdinstall(8) and bsdconfig(8). (r225937)
freebsd-version(1) has been added. This tool makes a best effort to determine the version and patch level of the installed kernel and userland. (r256106)
GNU patch has been removed from the base system, and replaced by a BSD-licensed patch(1) program. (r255191)
GNU sort has been removed from the base system, and replaced by a BSD-licensed sort(1) program. (r241511)
Berkeley yacc (byacc) has been imported from Invisible Island. This brings bison compatibility to yacc(1) while preserving full backwards compatibility with previous versions of yacc(1). (r235723)
Usernames of up to 32 characters are now supported. (r243023)
The adduser(8) utility now supports a `-M` option to set the mode of a new user’s home directory.
BSD-licensed versions of ar(1) and ranlib(1), based on libarchive(3), have replaced the GNU Binutils versions of these utilities.
chflags(1) now supports a `-v` flag for verbose output and a `-f` flag to ignore errors with the same semantics as (for example) chmod(1).
For compatibility with other implementations, cp(1) now supports a `-a` flag, which is equivalent to specifying the `-RrP` flags.
A BSD-licensed version of cpio(1), based on libarchive(3), has replaced the GNU cpio. Note that the GNU cpio is still installed as `gcpio`.
The env(1) program now supports `-u name`, which will completely unset the given variable `name` by removing it from the environment, instead of just setting it to a null value.
The fdopendir(3) library function has been added.
The fetch(3) library now supports HTTP 1.1 If-Modified-Since behavior. The fetch(1) program now supports `-i filename`, which will only download the specified HTTP URL if the content is newer than `filename`.
find(1) has been enhanced by the addition of a number of primaries that were present in GNU find but not FreeBSD find(1).
kgdb(1) now supports a new `add-kld` command to make it easier to debug crash dumps with kernel modules.
The ls(1) program now supports a `-D` option to specify a date format string to be used with the long format (`-l`) output.
nc(1) now supports a `-O` switch to disable the use of TCP options.
nc(1)'s `-o` switch has been deprecated. It will be removed in a future release.
The ping6(8) utility now returns `2` when the packet transmission was successful but no responses were received (this is the same behavior as ping(8)). It returned a non-zero value before this change.
The realpath(1) utility now supports a `-q` flag to suppress warnings; it now also accepts multiple paths on its command line.
sh(1) has many bug fixes, some new features, and will now refuse to parse some invalid scripts. Additionally, it now has filename completion and defaults to the "emacs" editing mode.
The split(1) utility now supports a `-n` flag to split a file into a certain number of chunks.
The tar(1) utility now supports a `-Z` flag to enable compress(1)-style compression/decompression.
The tar(1) utility now supports a `--numeric-owner` flag to ignore user/group names on create and extract.
The tar(1) utility now supports the `-S` flag to sparsify files on extraction.
The tar(1) utility now supports a `-s` flag to substitute filenames based on the specified regular expression.
The tcgetsid(3) library function has been added to return the process group ID for the session leader for the controlling terminal. It is defined in IEEE Std 1003.1-2001 (POSIX).
top(1) now supports a `-P` flag to provide per-CPU usage statistics.
zdump(8) is now working properly on 64-bit architectures.
traceroute(8) now has the ability to print the AS number for each hop with the new `-a` switch; a new `-A` option allows selecting a particular WHOIS server.
traceroute6(8) now supports a `-U` flag to send probe packets with no upper-layer protocol, rather than the usual UDP probe packets.
/etc/rc.d Scripts
The following rc(8) scripts have been added:
rc(8) Script | Function |
---|---|
 | iSCSI target daemon startup script |
 | iSCSI initiator management utility startup script |
 | iSCSI initiator daemon startup script |
 | Kerberos ticket forwarding daemon startup script |
 | Unbound startup script for the local caching resolver |
 | Generates a new entropy file at system boot |
 | Replaces |
 | Enables swap with "late" set at system boot |
 | User accounting database startup and shutdown script |
The following rc(8) scripts have been removed:
rc(8) Script | Reason |
---|---|
 | Replaced by |
 | Removed with BIND |
 | Replaced by |
Contributed Software
jemalloc(3) has been updated to 3.4.0. See this link for more details. (r251300)
AMD has been updated from 6.0.10 to 6.1.5.
awk has been updated to the 20121220 release.
CVS has been removed from the base system, but is still available from the Ports Collection. (r251794)
Subversion has been imported into the base system and is installed as svnlite. svnlite should only be used for checking out the FreeBSD source trees and committing, and does not replace the full Subversion port. (r251886)
file has been updated to 5.11. (r234449)
hostapd has been updated from 0.5.8 to 0.5.10. (r252726)
IPFilter has been updated to 5.1.2.
less has been updated to v458. (r250592)
ncurses has been updated to 5.7-20081102.
OpenSSH has been updated to 6.4.
OpenPAM has been updated to the Micrampelis release. (r236109)
sendmail has been updated from 8.14.1 to 8.14.7.
The timezone database has been updated from the tzdata2008h release to the tzdata2009m release.
The stdtime part of libc, zdump(8) and zic(8) have been updated from the tzcode2004a release to the tzcode2009h release. If you have upgraded from source or via freebsd-update(8), then please run tzsetup(8) to install a new `/etc/localtime`.
WPA Supplicant has been updated to 2.0. (r252726)
xz has been updated from snapshot as of 12 April 2010 to 5.0.0.
Ports/Packages Collection Infrastructure
The pkg_add, pkg_create, pkg_delete, pkg_info, pkg_updating, and pkg_version utilities have been removed. pkg(7) must now be used to install binary packages. pkg(7) is the next generation FreeBSD package manager, also referred to as "pkgng". If upgrading from a previous FreeBSD release, be sure to run pkg2ng to convert the old package database to the new format. (r257444)
Release Engineering and Integration
The supported version of the GNOME desktop environment (x11/gnome2) has been updated from 2.20.1 to 2.22.
Upgrading from previous releases of FreeBSD
[amd64,i386] Beginning with FreeBSD 6.2-RELEASE, binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC or SMP kernels distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.
Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in `/usr/src/UPDATING`.
Important:
Upgrading FreeBSD should, of course, only be attempted after backing up all data and configuration files.