xref: /freebsd-10.1-release/UPDATING

Updating Information for FreeBSD current users

This file is maintained and copyrighted by M. Warner Losh <imp@freebsd.org>.
See end of file for further details.  For commonly done items, please see the
COMMON ITEMS: section later in the file.  These instructions assume that you
basically know what you are doing.  If not, then please consult the FreeBSD
handbook:

    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html

Items affecting the ports and packages system can be found in
/usr/ports/UPDATING.  Please read that file before running portupgrade.

NOTE: FreeBSD has switched from gcc to clang. If you have trouble bootstrapping
from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.

20150618:	p13	FreeBSD-EN-15:08.sendmail
	Improvements to sendmail TLS/DH interoperability. [EN-15:08]

20150612:	p12	FreeBSD-SA-15:10.openssl
	Fix multiple vulnerabilities in OpenSSL.  [SA-15:10]

20150609:	p11	FreeBSD-EN-15:06.file
			FreeBSD-EN-15:07.zfs

	Updated base system file(1) to 5.22 to address multiple denial
	of service issues. [EN-15:06]

	Improved reliability of ZFS when TRIM/UNMAP and/or L2ARC is used.
	[EN-15:07]

20150513:	p10	FreeBSD-EN-15:04.freebsd-update
			FreeBSD-EN-15:05.ufs

	Fix bug with freebsd-update(8) that does not ensure the previous
	upgrade was completed. [EN-15:04]

	Fix deadlock on reboot with UFS tuned with SU+J. [EN-15:05]

20150407:	p9	FreeBSD-SA-15:04.igmp [revised]
			FreeBSD-SA-15:07.ntp
			FreeBSD-SA-15:08.bsdinstall
			FreeBSD-SA-15:09.ipv6

	Improved patch for SA-15:04.igmp.

	Fix multiple vulnerabilities of ntp. [SA-15:07]

	Fix bsdinstall(8) insecure default GELI keyfile permissions. [SA-15:08]

	Fix Denial of Service with IPv6 Router Advertisements. [SA-15:09]

20150320:	p8
	Fix patch for SA-15:06.openssl.

20150319:	p7	FreeBSD-SA-15:06.openssl
	Fix multiple vulnerabilities in OpenSSL.  [SA-15:06]

20150225:	p6	FreeBSD-SA-15:04.igmp
			FreeBSD-EN-15:01.vt
			FreeBSD-EN-15:02.openssl
			FreeBSD-EN-15:03.freebsd-update

	Fix integer overflow in IGMP protocol. [SA-15:04]

	Fix vt(4) crash with improper ioctl parameters. [EN-15:01]

	Updated base system OpenSSL to 1.0.1l. [EN-15:02]

	Fix freebsd-update libraries update ordering issue. [EN-15:03]

20150127:	p5	FreeBSD-SA-15:02.kmem
			FreeBSD-SA-15:03.sctp

	Fix SCTP SCTP_SS_VALUE kernel memory corruption and disclosure
	vulnerability.  [SA-15:02]

	Fix SCTP stream reset vulnerability.  [SA-15:03]

20150114:	p4	FreeBSD-SA-15:01.openssl
	Fix multiple vulnerabilities in OpenSSL.  [SA-15:01]

20141223:	p3	FreeBSD-SA-14:31.ntp
			FreeBSD-EN-14:13.freebsd-update

	Fix multiple vulnerabilities in NTP suite.  [SA-14:31]
	Fix directory deletion issue in freebsd-update.	 [EN-14:13]

20141217:	p2	FreeBSD-SA-14:30.unbound
	Fix unbound remote denial of service vulnerability.

20141210:	p1	FreeBSD-SA-14:27.stdio
			FreeBSD-SA-14:28.file

	Fix buffer overflow in stdio. [SA-14:27]

	Fix multiple vulnerabilities in file(1) and libmagic(3).
	[SA-14:28]

20140904:
	The ofwfb driver, used to provide a graphics console on PowerPC when
	using vt(4), no longer allows mmap() of all of physical memory. This
	will prevent Xorg on PowerPC with some ATI graphics cards from
	initializing properly unless x11-servers/xorg-server is updated to
	1.12.4_8 or newer.

20140831:
	The libatf-c and libatf-c++ major versions were downgraded to 0 and
	1 respectively to match the upstream numbers.  They were out of
	sync because, when they were originally added to FreeBSD, the
	upstream versions were not respected.  These libraries are private
	and not yet built by default, so renumbering them should be a
	non-issue.  However, unclean source trees will yield broken test
	programs once the operator executes "make delete-old-libs" after a
	"make installworld".

	Additionally, the atf-sh binary was made private by moving it into
	/usr/libexec/.  Already-built shell test programs will keep the
	path to the old binary so they will break after "make delete-old"
	is run.

	If you are using WITH_TESTS=yes (not the default), wipe the object
	tree and rebuild from scratch to prevent spurious test failures.
	This is only needed once: the misnumbered libraries and misplaced
	binaries have been added to OptionalObsoleteFiles.inc so they will
	be removed during a clean upgrade.

20140814:
	The ixgbe tunables now match their sysctl counterparts, for example:
	hw.ixgbe.enable_aim => hw.ix.enable_aim
	Anyone using ixgbe tunables should ensure they update /boot/loader.conf.

20140801:
	The NFSv4.1 server committed by r269398 changes the internal
	function call interfaces used between the NFS and krpc modules.
	As such, __FreeBSD_version was bumped.

20140729:
	The default unbound configuration has been modified to address
	issues with reverse lookups on networks that use private
	address ranges.  If you use the local_unbound service, run
	"service local_unbound setup" as root to regenerate your
	configuration, then "service local_unbound reload" to load the
	new configuration.

20140717:
	It is no longer necessary to include the dwarf version in your DEBUG
	options in your kernel config file. The bug that required it to be
	placed in the config file has bene fixed. DEBUG should now just
	contain -g. The build system will automatically update things
	to do the right thing.

20140715:
	Several ABI breaking changes were merged to CTL and new iSCSI code.
	All CTL and iSCSI-related tools, such as ctladm, ctld, iscsid and
	iscsictl need to be rebuilt to work with a new kernel.

20140708:
	The WITHOUT_VT_SUPPORT kernel config knob has been renamed
	WITHOUT_VT.  (The other _SUPPORT knobs have a consistent meaning
	which differs from the behaviour controlled by this knob.)

20140608:
	On i386 and amd64 systems, the onifconsole flag is now set by default
	in /etc/ttys for ttyu0. This causes ttyu0 to be automatically enabled
	as a login TTY if it is set in the bootloader as an active kernel
	console. No changes in behavior should result otherwise. To revert to
	the previous behavior, set ttyu0 to "off" in /etc/ttys.

20140512:
	Clang and llvm have been upgraded to 3.4.1 release.

20140321:
	Clang and llvm have been upgraded to 3.4 release.

20140306:
	If a Makefile in a tests/ directory was auto-generating a Kyuafile
	instead of providing an explicit one, this would prevent such
	Makefile from providing its own Kyuafile in the future during
	NO_CLEAN builds.  This has been fixed in the Makefiles but manual
	intervention is needed to clean an objdir if you use NO_CLEAN:
	  # find /usr/obj -name Kyuafile | xargs rm -f

20140303:
	OpenSSH will now ignore errors caused by kernel lacking of Capsicum
	capability mode support.  Please note that enabling the feature in
	kernel is still highly recommended.

20140227:
	OpenSSH is now built with sandbox support, and will use sandbox as
	the default privilege separation method.  This requires Capsicum
	capability mode support in kernel.

20140216:
	The nve(4) driver for NVIDIA nForce MCP Ethernet adapters has
	been deprecated and will not be part of FreeBSD 11.0 and later
	releases.  If you use this driver, please consider switching to
	the nfe(4) driver instead.

20140120:
	10.0-RELEASE.

20131216:
	The behavior of gss_pseudo_random() for the krb5 mechanism
	has changed, for applications requesting a longer random string
	than produced by the underlying enctype's pseudo-random() function.
	In particular, the random string produced from a session key of
	enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will
	be different at the 17th octet and later, after this change.
	The counter used in the PRF+ construction is now encoded as a
	big-endian integer in accordance with RFC 4402.
	__FreeBSD_version is bumped to 1000701.

20131108:
	The WITHOUT_ATF build knob has been removed and its functionality
	has been subsumed into the more generic WITHOUT_TESTS.  If you were
	using the former to disable the build of the ATF libraries, you
	should change your settings to use the latter.

20131031:
	The default version of mtree is nmtree which is obtained from
	NetBSD.  The output is generally the same, but may vary
	slightly.  If you found you need identical output adding
	"-F freebsd9" to the command line should do the trick.  For the
	time being, the old mtree is available as fmtree.

20131014:
	libbsdyml has been renamed to libyaml and moved to /usr/lib/private.
	This will break ports-mgmt/pkg. Rebuild the port, or upgrade to pkg
	1.1.4_8 and verify bsdyml not linked in, before running "make
	delete-old-libs":
	  # make -C /usr/ports/ports-mgmt/pkg build deinstall install clean
	  or
	  # pkg install pkg; ldd /usr/local/sbin/pkg | grep bsdyml

20131010:
	The rc.d/jail script has been updated to support jail(8)
	configuration file.  The "jail_<jname>_*" rc.conf(5) variables
	for per-jail configuration are automatically converted to
	/var/run/jail.<jname>.conf before the jail(8) utility is invoked.
	This is transparently backward compatible.  See below about some
	incompatibilities and rc.conf(5) manual page for more details.

	These variables are now deprecated in favor of jail(8) configuration
	file.  One can use "rc.d/jail config <jname>" command to generate
	a jail(8) configuration file in /var/run/jail.<jname>.conf without
	running the jail(8) utility.   The default pathname of the
	configuration file is /etc/jail.conf and can be specified by
	using $jail_conf or $jail_<jname>_conf variables.

	Please note that jail_devfs_ruleset accepts an integer at
	this moment.  Please consider to rewrite the ruleset name
	with an integer.

20130930:
	BIND has been removed from the base system.  If all you need
	is a local resolver, simply enable and start the local_unbound
	service instead.  Otherwise, several versions of BIND are
	available in the ports tree.   The dns/bind99 port is one example.

	With this change, nslookup(1) and dig(1) are no longer in the base
	system.  Users should instead use host(1) and drill(1) which are
	in the base system.  Alternatively, nslookup and dig can
	be obtained by installing the dns/bind-tools port.

20130916:
	With the addition of unbound(8), a new unbound user is now
	required during installworld.  "mergemaster -p" can be used to
	add the user prior to installworld, as documented in the handbook.

20130911:
	OpenSSH is now built with DNSSEC support, and will by default
	silently trust signed SSHFP records.  This can be controlled with
	the VerifyHostKeyDNS client configuration setting.  DNSSEC support
	can be disabled entirely with the WITHOUT_LDNS option in src.conf.

20130906:
	The GNU Compiler Collection and C++ standard library (libstdc++)
	are no longer built by default on platforms where clang is the system
	compiler.  You can enable them with the WITH_GCC and WITH_GNUCXX
	options in src.conf.  

20130905:
	The PROCDESC kernel option is now part of the GENERIC kernel
	configuration and is required for the rwhod(8) to work.
	If you are using custom kernel configuration, you should include
	'options PROCDESC'.

20130905:
	The API and ABI related to the Capsicum framework was modified
	in backward incompatible way. The userland libraries and programs
	have to be recompiled to work with the new kernel. This includes the
	following libraries and programs, but the whole buildworld is
	advised: libc, libprocstat, dhclient, tcpdump, hastd, hastctl,
	kdump, procstat, rwho, rwhod, uniq.

20130903:
	AES-NI intrinsic support has been added to gcc.  The AES-NI module
	has been updated to use this support.  A new gcc is required to build
	the aesni module on both i386 and amd64.

20130821:
	The PADLOCK_RNG and RDRAND_RNG kernel options are now devices.
	Thus "device padlock_rng" and "device rdrand_rng" should be
	used instead of "options PADLOCK_RNG" & "options RDRAND_RNG".

20130813:
	WITH_ICONV has been split into two feature sets.  WITH_ICONV now
	enables just the iconv* functionality and is now on by default.
	WITH_LIBICONV_COMPAT enables the libiconv api and link time
	compatability.  Set WITHOUT_ICONV to build the old way.
	If you have been using WITH_ICONV before, you will very likely
	need to turn on WITH_LIBICONV_COMPAT.

20130806:
	INVARIANTS option now enables DEBUG for code with OpenSolaris and
	Illumos origin, including ZFS.  If you have INVARIANTS in your
	kernel configuration, then there is no need to set DEBUG or ZFS_DEBUG
	explicitly.
	DEBUG used to enable witness(9) tracking of OpenSolaris (mostly ZFS)
	locks if WITNESS option was set.  Because that generated a lot of
	witness(9) reports and all of them were believed to be false
	positives, this is no longer done.  New option OPENSOLARIS_WITNESS
	can be used to achieve the previous behavior.

20130806:
	Timer values in IPv6 data structures now use time_uptime instead
	of time_second.  Although this is not a user-visible functional
	change, userland utilities which directly use them---ndp(8),
	rtadvd(8), and rtsold(8) in the base system---need to be updated
	to r253970 or later.

20130802:
	find -delete can now delete the pathnames given as arguments,
	instead of only files found below them or if the pathname did
	not contain any slashes. Formerly, the following error message
	would result:

	find: -delete: <path>: relative path potentially not safe

	Deleting the pathnames given as arguments can be prevented
	without error messages using -mindepth 1 or by changing
	directory and passing "." as argument to find. This works in the
	old as well as the new version of find.

20130726:
	Behavior of devfs rules path matching has been changed.
	Pattern is now always matched against fully qualified devfs
	path and slash characters must be explicitly matched by
	slashes in pattern (FNM_PATHNAME). Rulesets involving devfs
	subdirectories must be reviewed.

20130716:
	The default ARM ABI has changed to the ARM EABI. The old ABI is
	incompatible with the ARM EABI and all programs and modules will
	need to be rebuilt to work with a new kernel.

	To keep using the old ABI ensure the WITHOUT_ARM_EABI knob is set.

	NOTE: Support for the old ABI will be removed in the future and
	users are advised to upgrade.

20130709:
	pkg_install has been disconnected from the build if you really need it
	you should add WITH_PKGTOOLS in your src.conf(5).

20130709:
	Most of network statistics structures were changed to be able
	keep 64-bits counters. Thus all tools, that work with networking
	statistics, must be rebuilt (netstat(1), bsnmpd(1), etc.)

20130629:
	Fix targets that run multiple make's to use && rather than ;
	so that subsequent steps depend on success of previous.

	NOTE: if building 'universe' with -j* on stable/8 or stable/9
	it would be better to start the build using bmake, to avoid
	overloading the machine.

20130618:
	Fix a bug that allowed a tracing process (e.g. gdb) to write
	to a memory-mapped file in the traced process's address space
	even if neither the traced process nor the tracing process had
	write access to that file.

20130615:
	CVS has been removed from the base system.  An exact copy
	of the code is available from the devel/cvs port.

20130613:
	Some people report the following error after the switch to bmake:

		make: illegal option -- J
		usage: make [-BPSXeiknpqrstv] [-C directory] [-D variable]
			...
		*** [buildworld] Error code 2

	this likely due to an old instance of make in
	${MAKEPATH} (${MAKEOBJDIRPREFIX}${.CURDIR}/make.${MACHINE})
	which src/Makefile will use that blindly, if it exists, so if
	you see the above error:

		rm -rf `make -V MAKEPATH`

	should resolve it.

20130516:
	Use bmake by default.
	Whereas before one could choose to build with bmake via
	-DWITH_BMAKE one must now use -DWITHOUT_BMAKE to use the old
	make. The goal is to remove these knobs for 10-RELEASE.

	It is worth noting that bmake (like gmake) treats the command
	line as the unit of failure, rather than statements within the
	command line.  Thus '(cd some/where && dosomething)' is safer
	than 'cd some/where; dosomething'. The '()' allows consistent
	behavior in parallel build.

20130429:
        Fix a bug that allows NFS clients to issue READDIR on files.

20130426:
	The WITHOUT_IDEA option has been removed because
	the IDEA patent expired.

20130426:
	The sysctl which controls TRIM support under ZFS has been renamed
	from vfs.zfs.trim_disable -> vfs.zfs.trim.enabled and has been
	enabled by default.

20130425:
	The mergemaster command now uses the default MAKEOBJDIRPREFIX
	rather than creating it's own in the temporary directory in
	order allow access to bootstrapped versions of tools such as
	install and mtree.  When upgrading from version of FreeBSD where
	the install command does not support -l, you will need to
	install a new mergemaster command if mergemaster -p is required.
	This can be accomplished with the command (cd src/usr.sbin/mergemaster
	&& make install).

20130404:
	Legacy ATA stack, disabled and replaced by new CAM-based one since
	FreeBSD 9.0, completely removed from the sources.  Kernel modules
	atadisk and atapi*, user-level tools atacontrol and burncd are
	removed.  Kernel option `options ATA_CAM` is now permanently enabled
	and removed.

20130319:
	SOCK_CLOEXEC and SOCK_NONBLOCK flags have been added to socket(2)
	and socketpair(2). Software, in particular Kerberos, may
	automatically detect and use these during building. The resulting
	binaries will not work on older kernels.

20130308:
	CTL_DISABLE has also been added to the sparc64 GENERIC (for further
	information, see the respective 20130304 entry).

20130304:
	Recent commits to callout(9) changed the size of struct callout,
	so the KBI is probably heavily disturbed. Also, some functions
	in callout(9)/sleep(9)/sleepqueue(9)/condvar(9) KPIs were replaced
	by macros. Every kernel module using it won't load, so rebuild
	is requested.

	The ctl device has been re-enabled in GENERIC for i386 and amd64,
	but does not initialize by default (because of the new CTL_DISABLE
	option) to save memory.  To re-enable it, remove the CTL_DISABLE
	option from the kernel config file or set kern.cam.ctl.disable=0
	in /boot/loader.conf.

20130301:
	The ctl device has been disabled in GENERIC for i386 and amd64.
	This was done due to the extra memory being allocated at system
	initialisation time by the ctl driver which was only used if
	a CAM target device was created.  This makes a FreeBSD system
	unusable on 128MB or less of RAM.

20130208:
	A new compression method (lz4) has been merged to -HEAD.  Please
	refer to zpool-features(7) for more information.

	Please refer to the "ZFS notes" section of this file for information
	on upgrading boot ZFS pools.

20130129:
	A BSD-licensed patch(1) variant has been added and is installed
	as bsdpatch, being the GNU version the default patch.
	To inverse the logic and use the BSD-licensed one as default,
	while having the GNU version installed as gnupatch, rebuild
	and install world with the WITH_BSD_PATCH knob set.

20130121:
	Due to the use of the new -l option to install(1) during build
	and install, you must take care not to directly set the INSTALL
	make variable in your /etc/make.conf, /etc/src.conf, or on the
	command line.  If you wish to use the -C flag for all installs
	you may be able to add INSTALL+=-C to /etc/make.conf or
	/etc/src.conf.

20130118:
	The install(1) option -M has changed meaning and now takes an
	argument that is a file or path to append logs to.  In the
	unlikely event that -M was the last option on the command line
	and the command line contained at least two files and a target
	directory the first file will have logs appended to it.  The -M
	option served little practical purpose in the last decade so its
	use is expected to be extremely rare.

20121223:
	After switching to Clang as the default compiler some users of ZFS
	on i386 systems started to experience stack overflow kernel panics.
	Please consider using 'options KSTACK_PAGES=4' in such configurations.

20121222:
	GEOM_LABEL now mangles label names read from file system metadata.
	Mangling affect labels containing spaces, non-printable characters,
	'%' or '"'. Device names in /etc/fstab and other places may need to
	be updated.

20121217:
	By default, only the 10 most recent kernel dumps will be saved.  To
	restore the previous behaviour (no limit on the number of kernel dumps
	stored in the dump directory) add the following line to /etc/rc.conf:

		savecore_flags=""

20121201:
	With the addition of auditdistd(8), a new auditdistd user is now
	required during installworld.  "mergemaster -p" can be used to
	add the user prior to installworld, as documented in the handbook.

20121117:
	The sin6_scope_id member variable in struct sockaddr_in6 is now
	filled by the kernel before passing the structure to the userland via
	sysctl or routing socket.  This means the KAME-specific embedded scope
	id in sin6_addr.s6_addr[2] is always cleared in userland application.
	This behavior can be controlled by net.inet6.ip6.deembed_scopeid.
	__FreeBSD_version is bumped to 1000025.

20121105:
	On i386 and amd64 systems WITH_CLANG_IS_CC is now the default.
	This means that the world and kernel will be compiled with clang
	and that clang will be installed as /usr/bin/cc, /usr/bin/c++,
	and /usr/bin/cpp.  To disable this behavior and revert to building
	with gcc, compile with WITHOUT_CLANG_IS_CC. Really old versions
	of current may need to bootstrap WITHOUT_CLANG first if the clang
	build fails (its compatibility window doesn't extend to the 9 stable
	branch point).

20121102:
	The IPFIREWALL_FORWARD kernel option has been removed. Its
	functionality now turned on by default.

20121023:
	The ZERO_COPY_SOCKET kernel option has been removed and
	split into SOCKET_SEND_COW and SOCKET_RECV_PFLIP.
	NB: SOCKET_SEND_COW uses the VM page based copy-on-write
	mechanism which is not safe and may result in kernel crashes.
	NB: The SOCKET_RECV_PFLIP mechanism is useless as no current
	driver supports disposeable external page sized mbuf storage.
	Proper replacements for both zero-copy mechanisms are under
	consideration and will eventually lead to complete removal
	of the two kernel options.

20121023:
	The IPv4 network stack has been converted to network byte
	order. The following modules need to be recompiled together
	with kernel: carp(4), divert(4), gif(4), siftr(4), gre(4),
	pf(4), ipfw(4), ng_ipfw(4), stf(4).

20121022:
	Support for non-MPSAFE filesystems was removed from VFS. The
	VFS_VERSION was bumped, all filesystem modules shall be
	recompiled.

20121018:
	All the non-MPSAFE filesystems have been disconnected from
	the build. The full list includes: codafs, hpfs, ntfs, nwfs,
	portalfs, smbfs, xfs.

20121016:
	The interface cloning API and ABI has changed. The following
	modules need to be recompiled together with kernel:
	ipfw(4), pfsync(4), pflog(4), usb(4), wlan(4), stf(4),
	vlan(4), disc(4), edsc(4), if_bridge(4), gif(4), tap(4),
	faith(4), epair(4), enc(4), tun(4), if_lagg(4), gre(4).

20121015:
	The sdhci driver was split in two parts: sdhci (generic SD Host
	Controller logic) and sdhci_pci (actual hardware driver).
	No kernel config modifications are required, but if you
	load sdhc as a module you must switch to sdhci_pci instead.

20121014:
	Import the FUSE kernel and userland support into base system.

20121013:
	The GNU sort(1) program has been removed since the BSD-licensed
	sort(1) has been the default for quite some time and no serious
	problems have been reported.  The corresponding WITH_GNU_SORT
	knob has also gone.

20121006:
	The pfil(9) API/ABI for AF_INET family has been changed. Packet
	filtering modules: pf(4), ipfw(4), ipfilter(4) need to be recompiled
	with new kernel.

20121001:
	The net80211(4) ABI has been changed to allow for improved driver
	PS-POLL and power-save support.  All wireless drivers need to be
	recompiled to work with the new kernel.

20120913:
	The random(4) support for the VIA hardware random number
	generator (`PADLOCK') is no longer enabled unconditionally.
	Add the padlock_rng device in the custom kernel config if
	needed.  The GENERIC kernels on i386 and amd64 do include the
	device, so the change only affects the custom kernel
	configurations.

20120908:
	The pf(4) packet filter ABI has been changed. pfctl(8) and
	snmp_pf module need to be recompiled to work with new kernel.

20120828:
	A new ZFS feature flag "com.delphix:empty_bpobj" has been merged
	to -HEAD. Pools that have empty_bpobj in active state can not be
	imported read-write with ZFS implementations that do not support
	this feature. For more information read the zpool-features(5)
	manual page.

20120727:
	The sparc64 ZFS loader has been changed to no longer try to auto-
	detect ZFS providers based on diskN aliases but now requires these
	to be explicitly listed in the OFW boot-device environment variable. 

20120712:
	The OpenSSL has been upgraded to 1.0.1c.  Any binaries requiring
	libcrypto.so.6 or libssl.so.6 must be recompiled.  Also, there are
	configuration changes.  Make sure to merge /etc/ssl/openssl.cnf.

20120712:
	The following sysctls and tunables have been renamed for consistency
	with other variables:
	  kern.cam.da.da_send_ordered   -> kern.cam.da.send_ordered
	  kern.cam.ada.ada_send_ordered -> kern.cam.ada.send_ordered

20120628:
	The sort utility has been replaced with BSD sort.  For now, GNU sort
	is also available as "gnusort" or the default can be set back to
	GNU sort by setting WITH_GNU_SORT.  In this case, BSD sort will be
	installed as "bsdsort".

20120611:
	A new version of ZFS (pool version 5000) has been merged to -HEAD.
	Starting with this version the old system of ZFS pool versioning
	is superseded by "feature flags". This concept enables forward
	compatibility against certain future changes in functionality of ZFS
	pools. The first read-only compatible "feature flag" for ZFS pools
	is named "com.delphix:async_destroy". For more information
	read the new zpool-features(5) manual page.
	Please refer to the "ZFS notes" section of this file for information
	on upgrading boot ZFS pools.

20120417:
	The malloc(3) implementation embedded in libc now uses sources imported
	as contrib/jemalloc.  The most disruptive API change is to
	/etc/malloc.conf.  If your system has an old-style /etc/malloc.conf,
	delete it prior to installworld, and optionally re-create it using the
	new format after rebooting.  See malloc.conf(5) for details
	(specifically the TUNING section and the "opt.*" entries in the MALLCTL
	NAMESPACE section).

20120328:
	Big-endian MIPS TARGET_ARCH values no longer end in "eb".  mips64eb
	is now spelled mips64.  mipsn32eb is now spelled mipsn32.  mipseb is
	now spelled mips.  This is to aid compatibility with third-party
	software that expects this naming scheme in uname(3).  Little-endian
	settings are unchanged. If you are updating a big-endian mips64 machine
	from before this change, you may need to set MACHINE_ARCH=mips64 in
	your environment before the new build system will recognize your machine.

20120306:
	Disable by default the option VFS_ALLOW_NONMPSAFE for all supported
	platforms.

20120229:
	Now unix domain sockets behave "as expected" on	nullfs(5). Previously
	nullfs(5) did not pass through all behaviours to the underlying layer,
	as a result if we bound to a socket on the lower layer we could connect
	only to the lower path; if we bound to the upper layer we could connect
	only to	the upper path. The new behavior is one can connect to both the
	lower and the upper paths regardless what layer path one binds to.

20120211:
	The getifaddrs upgrade path broken with 20111215 has been restored.
	If you have upgraded in between 20111215 and 20120209 you need to
	recompile libc again with your kernel.  You still need to recompile
	world to be able to configure CARP but this restriction already
	comes from 20111215.

20120114:
	The set_rcvar() function has been removed from /etc/rc.subr.  All
	base and ports rc.d scripts have been updated, so if you have a
	port installed with a script in /usr/local/etc/rc.d you can either
	hand-edit the rcvar= line, or reinstall the port.

	An easy way to handle the mass-update of /etc/rc.d:
	rm /etc/rc.d/* && mergemaster -i

20120109:
	panic(9) now stops other CPUs in the SMP systems, disables interrupts
	on the current CPU and prevents other threads from running.
	This behavior can be reverted using the kern.stop_scheduler_on_panic
	tunable/sysctl.
	The new behavior can be incompatible with kern.sync_on_panic.

20111215:
	The carp(4) facility has been changed significantly. Configuration
	of the CARP protocol via ifconfig(8) has changed, as well as format
	of CARP events submitted to devd(8) has changed. See manual pages
	for more information. The arpbalance feature of carp(4) is currently
	not supported anymore.

	Size of struct in_aliasreq, struct in6_aliasreq has changed. User
	utilities using SIOCAIFADDR, SIOCAIFADDR_IN6, e.g. ifconfig(8),
	need to be recompiled.

20111122:
	The acpi_wmi(4) status device /dev/wmistat has been renamed to
	/dev/wmistat0.

20111108:
	The option VFS_ALLOW_NONMPSAFE option has been added in order to
	explicitely support non-MPSAFE filesystems.
	It is on by default for all supported platform at this present
	time.

20111101:
	The broken amd(4) driver has been replaced with esp(4) in the amd64,
	i386 and pc98 GENERIC kernel configuration files.

20110930:
	sysinstall has been removed

20110923:
	The stable/9 branch created in subversion.  This corresponds to the
	RELENG_9 branch in CVS.

20110913:
	This commit modifies vfs_register() so that it uses a hash
	calculation to set vfc_typenum, which is enabled by default.
	The first time a system is booted after this change, the
	vfc_typenum values will change for all file systems. The
	main effect of this is a change to the NFS server file handles
	for file systems that use vfc_typenum in their fsid, such as ZFS.
	It will, however, prevent vfc_typenum from changing when file
	systems are loaded in a different order for subsequent reboots.
	To disable this, you can set vfs.typenumhash=0 in /boot/loader.conf
	until you are ready to remount all NFS clients after a reboot.

20110828:
	Bump the shared library version numbers for libraries that
	do not use symbol versioning, have changed the ABI compared
	to stable/8 and which shared library version was not bumped.
	Done as part of 9.0-RELEASE cycle.

20110815:
	During the merge of Capsicum features, the fget(9) KPI was modified.
	This may require the rebuilding of out-of-tree device drivers --
	issues have been reported specifically with the nVidia device driver.
	__FreeBSD_version is bumped to 900041.

	Also, there is a period between 20110811 and 20110814 where the
	special devices /dev/{stdin,stdout,stderr} did not work correctly.
	Building world from a kernel during that window may not work.

20110628:
	The packet filter (pf) code has been updated to OpenBSD 4.5.
	You need to update userland tools to be in sync with kernel.
	This update breaks backward compatibility with earlier pfsync(4)
	versions.  Care must be taken when updating redundant firewall setups.

20110608:
	The following sysctls and tunables are retired on x86 platforms:
		machdep.hlt_cpus
		machdep.hlt_logical_cpus
	The following sysctl is retired:
		machdep.hyperthreading_allowed
	The sysctls were supposed to provide a way to dynamically offline and
	online selected CPUs on x86 platforms, but the implementation has not
	been reliable especially with SCHED_ULE scheduler.
	machdep.hyperthreading_allowed tunable is still available to ignore
	hyperthreading CPUs at OS level.
	Individual CPUs can be disabled using hint.lapic.X.disabled tunable,
	where X is an APIC ID of a CPU.  Be advised, though, that disabling
	CPUs in non-uniform fashion will result in non-uniform topology and
	may lead to sub-optimal system performance with SCHED_ULE, which is
	a default scheduler.

20110607:
	cpumask_t type is retired and cpuset_t is used in order to describe
	a mask of CPUs.

20110531:
	Changes to ifconfig(8) for dynamic address family detection mandate
	that you are running a kernel of 20110525 or later.  Make sure to
	follow the update procedure to boot a new kernel before installing
	world.

20110513:
	Support for sun4v architecture is officially dropped

20110503:
	Several KPI breaking changes have been committed to the mii(4) layer,
	the PHY drivers and consequently some Ethernet drivers using mii(4).
	This means that miibus.ko and the modules of the affected Ethernet
	drivers need to be recompiled.

	Note to kernel developers: Given that the OUI bit reversion problem
	was fixed as part of these changes all mii(4) commits related to OUIs,
	i.e. to sys/dev/mii/miidevs, PHY driver probing and vendor specific
	handling, no longer can be merged verbatim to stable/8 and previous
	branches.

20110430:
	Users of the Atheros AR71xx SoC code now need to add 'device ar71xx_pci'
	into their kernel configurations along with 'device pci'.

20110427:
	The default NFS client is now the new NFS client, so fstype "newnfs"
	is now "nfs" and the regular/old NFS client is now fstype "oldnfs".
	Although mounts via fstype "nfs" will usually work without userland
	changes, it is recommended that the mount(8) and mount_nfs(8)
	commands be rebuilt from sources and that a link to mount_nfs called
	mount_oldnfs be created. The new client is compiled into the
	kernel with "options NFSCL" and this is needed for diskless root
	file systems. The GENERIC kernel configs have been changed to use
	NFSCL and NFSD (the new server) instead of NFSCLIENT and NFSSERVER.
	To use the regular/old client, you can "mount -t oldnfs ...". For
	a diskless root file system, you must also include a line like:
	
	vfs.root.mountfrom="oldnfs:"

	in the boot/loader.conf on the root fs on the NFS server to make
	a diskless root fs use the old client.

20110424:
	The GENERIC kernels for all architectures now default to the new
	CAM-based ATA stack. It means that all legacy ATA drivers were
	removed and replaced by respective CAM drivers. If you are using
	ATA device names in /etc/fstab or other places, make sure to update
	them respectively (adX -> adaY, acdX -> cdY, afdX -> daY, astX -> saY,
	where 'Y's are the sequential numbers starting from zero for each type
	in order of detection, unless configured otherwise with tunables,
	see cam(4)). There will be symbolic links created in /dev/ to map
	old adX devices to the respective adaY. They should provide basic
	compatibility for file systems mounting in most cases, but they do
	not support old user-level APIs and do not have respective providers
	in GEOM. Consider using updated management tools with new device names.

	It is possible to load devices ahci, ata, siis and mvs as modules,
	but option ATA_CAM should remain in kernel configuration to make ata
	module work as CAM driver supporting legacy ATA controllers. Device ata
	still can be used in modular fashion (atacore + ...). Modules atadisk
	and atapi* are not used and won't affect operation in ATA_CAM mode.
	Note that to use CAM-based ATA kernel should include CAM devices
	scbus, pass, da (or explicitly ada), cd and optionally others. All of
	them are parts of the cam module.

	ataraid(4) functionality is now supported by the RAID GEOM class.
	To use it you can load geom_raid kernel module and use graid(8) tool
	for management. Instead of /dev/arX device names, use /dev/raid/rX.

	No kernel config options or code have been removed, so if a problem
	arises, please report it and optionally revert to the old ATA stack.
	In order to do it you can remove from the kernel config:
	    options        ATA_CAM
	    device         ahci
	    device         mvs
	    device         siis
	, and instead add back:
	    device         atadisk         # ATA disk drives
	    device         ataraid         # ATA RAID drives
	    device         atapicd         # ATAPI CDROM drives
	    device         atapifd         # ATAPI floppy drives
	    device         atapist         # ATAPI tape drives

20110423:
	The default NFS server has been changed to the new server, which
	was referred to as the experimental server. If you need to switch
	back to the old NFS server, you must now put the "-o" option on
	both the mountd and nfsd commands. This can be done using the
	mountd_flags and nfs_server_flags rc.conf variables until an
	update to the rc scripts is committed, which is coming soon.

20110418:
	The GNU Objective-C runtime library (libobjc), and other Objective-C
	related components have been removed from the base system.  If you
	require an Objective-C library, please use one of the available ports.

20110331:
	ath(4) has been split into bus- and device- modules. if_ath contains
	the HAL, the TX rate control and the network device code. if_ath_pci
	contains the PCI bus glue. For Atheros MIPS embedded systems, if_ath_ahb
	contains the AHB glue. Users need to load both if_ath_pci and if_ath
	in order to use ath on everything else.

	TO REPEAT: if_ath_ahb is not needed for normal users. Normal users only
	need to load if_ath and if_ath_pci for ath(4) operation.

20110314:
	As part of the replacement of sysinstall, the process of building
	release media has changed significantly. For details, please re-read
	release(7), which has been updated to reflect the new build process.

20110218:
	GNU binutils 2.17.50 (as of 2007-07-03) has been merged to -HEAD.  This
	is the last available version under GPLv2.  It brings a number of new
	features, such as support for newer x86 CPU's (with SSE-3, SSSE-3, SSE
	4.1 and SSE 4.2), better support for powerpc64, a number of new
	directives, and lots of other small improvements.  See the ChangeLog
	file in contrib/binutils for the full details.

20110218:
	IPsec's HMAC_SHA256-512 support has been fixed to be RFC4868
	compliant, and will now use half of hash for authentication.
	This will break interoperability with all stacks (including all
	actual FreeBSD versions) who implement
	draft-ietf-ipsec-ciph-sha-256-00 (they use 96 bits of hash for
	authentication).
	The only workaround with such peers is to use another HMAC
	algorithm for IPsec ("phase 2") authentication.

20110207:
	Remove the uio_yield prototype and symbol.  This function has
	been misnamed since it was introduced and should not be
	globally exposed with this name.  The equivalent functionality
	is now available using kern_yield(curthread->td_user_pri).
	The function remains undocumented.

20110112:
	A SYSCTL_[ADD_]UQUAD was added for unsigned uint64_t pointers,
	symmetric with the existing SYSCTL_[ADD_]QUAD.  Type checking
	for scalar sysctls is defined but disabled.  Code that needs
	UQUAD to pass the type checking that must compile on older
	systems where the define is not present can check against
	__FreeBSD_version >= 900030.

	The system dialog(1) has been replaced with a new version previously
	in ports as devel/cdialog. dialog(1) is mostly command-line compatible
	with the previous version, but the libdialog associated with it has
	a largely incompatible API. As such, the original version of libdialog
	will be kept temporarily as libodialog, until its base system consumers
	are replaced or updated. Bump __FreeBSD_version to 900030.

20110103:
	If you are trying to run make universe on a -stable system, and you get
	the following warning:
	"Makefile", line 356: "Target architecture for i386/conf/GENERIC 
	unknown.  config(8) likely too old."
	or something similar to it, then you must upgrade your -stable system
	to 8.2-Release or newer (really, any time after r210146 7/15/2010 in
	stable/8) or build the config from the latest stable/8 branch and
	install it on your system.

	Prior to this date, building a current universe on 8-stable system from
	between 7/15/2010 and 1/2/2011 would result in a weird shell parsing
	error in the first kernel build phase.  A new config on those old 
	systems will fix that problem for older versions of -current.

20101228:
	The TCP stack has been modified to allow Khelp modules to interact with
	it via helper hook points and store per-connection data in the TCP
	control block. Bump __FreeBSD_version to 900029. User space tools that
	rely on the size of struct tcpcb in tcp_var.h (e.g. sockstat) need to
	be recompiled.

20101114:
	Generic IEEE 802.3 annex 31B full duplex flow control support has been
	added to mii(4) and bge(4), bce(4), msk(4), nfe(4) and stge(4) along
	with brgphy(4), e1000phy(4) as well as ip1000phy() have been converted
	to take advantage of it instead of using custom implementations.  This
	means that these drivers now no longer unconditionally advertise
	support for flow control but only do so if flow control is a selected
	media option.  This was implemented in the generic support that way in
	order to allow flow control to be switched on and off via ifconfig(8)
	with the PHY specific default to typically off in order to protect
	from unwanted effects.  Consequently, if you used flow control with
	one of the above mentioned drivers you now need to explicitly enable
	it, for example via:
		ifconfig bge0 media auto mediaopt flowcontrol

	Along with the above mentioned changes generic support for setting
	1000baseT master mode also has been added and brgphy(4), ciphy(4),
	e1000phy(4) as well as ip1000phy(4) have been converted to take
	advantage of it.  This means that these drivers now no longer take the
	link0 parameter for selecting master mode but the master media option
	has to be used instead, for example like in the following:
		ifconfig bge0 media 1000baseT mediaopt full-duplex,master

	Selection of master mode now is also available with all other PHY
	drivers supporting 1000baseT.

20101111:
	The TCP stack has received a significant update to add support for
	modularised congestion control and generally improve the clarity of
	congestion control decisions. Bump __FreeBSD_version to 900025. User
	space tools that rely on the size of struct tcpcb in tcp_var.h (e.g.
	sockstat) need to be recompiled.

20101002:
	The man(1) utility has been replaced by a new version that no longer
	uses /etc/manpath.config. Please consult man.conf(5) for how to
	migrate local entries to the new format.

20100928:
	The copyright strings printed by login(1) and sshd(8) at the time of a
	new connection have been removed to follow other operating systems and
	upstream sshd.

20100915:
	A workaround for a fixed ld bug has been removed in kernel code,
	so make sure that your system ld is built from sources after
	revision 210245 from 2010-07-19 (r211583 if building head kernel
	on stable/8, r211584 for stable/7; both from 2010-08-21).
	A symptom of incorrect ld version is different addresses for
	set_pcpu section and __start_set_pcpu symbol in kernel and/or modules.

20100913:
	The $ipv6_prefer variable in rc.conf(5) has been split into
	$ip6addrctl_policy and $ipv6_activate_all_interfaces.

	The $ip6addrctl_policy is a variable to choose a pre-defined
	address selection policy set by ip6addrctl(8).  A value
	"ipv4_prefer", "ipv6_prefer" or "AUTO" can be specified.  The
	default is "AUTO".

	The $ipv6_activate_all_interfaces specifies whether IFDISABLED
	flag (see an entry of 20090926) is set on an interface with no
	corresponding $ifconfig_IF_ipv6 line.  The default is "NO" for
	security reason.  If you want IPv6 link-local address on all
	interfaces by default, set this to "YES".

	The old ipv6_prefer="YES" is equivalent to
	ipv6_activate_all_interfaces="YES" and
	ip6addrctl_policy="ipv6_prefer".

20100913:
	DTrace has grown support for userland tracing. Due to this, DTrace is
	now i386 and amd64 only.
	dtruss(1) is now installed by default on those systems and a new
	kernel module is needed for userland tracing: fasttrap.
	No changes to your kernel config file are necessary to enable
	userland tracing, but you might consider adding 'STRIP=' and
	'CFLAGS+=-fno-omit-frame-pointer' to your make.conf if you want
	to have informative userland stack traces in DTrace (ustack).

20100725:
	The acpi_aiboost(4) driver has been removed in favor of the new
	aibs(4) driver. You should update your kernel configuration file.

20100722:
	BSD grep has been imported to the base system and it is built by
	default.  It is completely BSD licensed, highly GNU-compatible, uses
	less memory than its GNU counterpart and has a small codebase.
	However, it is slower than its GNU counterpart, which is mostly
	noticeable for larger searches, for smaller ones it is measurable
	but not significant.  The reason is complex, the most important factor
	is that we lack a modern and efficient regex library and GNU
	overcomes this by optimizing the searches internally.  Future work
	on improving the regex performance is planned, for the meantime,
	users that need better performance, can build GNU grep instead by
	setting the WITH_GNU_GREP knob.

20100713:
	Due to the import of powerpc64 support, all existing powerpc kernel
	configuration files must be updated with a machine directive like this:
	    machine powerpc powerpc

	In addition, an updated config(8) is required to build powerpc kernels
	after this change.

20100713:
	A new version of ZFS (version 15) has been merged to -HEAD.
	This version uses a python library for the following subcommands:
	zfs allow, zfs unallow, zfs groupspace, zfs userspace.
	For full functionality of these commands the following port must
	be installed: sysutils/py-zfs

20100429:
	'vm_page's are now hashed by physical address to an array of mutexes.
	Currently this is only used to serialize access to hold_count. Over 
	time the page queue mutex will be peeled away. This changes the size
	of pmap on every architecture. And requires all callers of vm_page_hold
	and vm_page_unhold to be updated. 
 
20100402:
	WITH_CTF can now be specified in src.conf (not recommended, there
	are some problems with static executables), make.conf (would also
	affect ports which do not use GNU make and do not override the
	compile targets) or in the kernel config (via "makeoptions
	WITH_CTF=yes").
	When WITH_CTF was specified there before this was silently ignored,
	so make sure that WITH_CTF is not used in places which could lead
	to unwanted behavior.

20100311:
	The kernel option COMPAT_IA32 has been replaced with COMPAT_FREEBSD32
	to allow 32-bit compatibility on non-x86 platforms. All kernel
	configurations on amd64 and ia64 platforms using these options must
	be modified accordingly.

20100113:
	The utmp user accounting database has been replaced with utmpx,
	the user accounting interface standardized by POSIX.
	Unfortunately the semantics of utmp and utmpx don't match,
	making it practically impossible to support both interfaces.
	The user accounting database is used by tools like finger(1),
	last(1), talk(1), w(1) and ac(8).

	All applications in the base system use utmpx.  This means only
	local binaries (e.g. from the ports tree) may still use these
	utmp database files.  These applications must be rebuilt to make
	use of utmpx.

	After the system has been upgraded, it is safe to remove the old
	log files (/var/run/utmp, /var/log/lastlog and /var/log/wtmp*),
	assuming their contents is of no importance anymore.  Old wtmp
	databases can only be used by last(1) and ac(8) after they have
	been converted to the new format using wtmpcvt(1).

20100108:
	Introduce the kernel thread "deadlock resolver" (which can be enabled
	via the DEADLKRES option, see NOTES for more details) and the
	sleepq_type() function for sleepqueues.

20091202:
	The rc.firewall and rc.firewall6 were unified, and
	rc.firewall6 and rc.d/ip6fw were removed.
	According to the removal of rc.d/ip6fw, ipv6_firewall_* rc
	variables are obsoleted.  Instead, the following new rc
	variables are added to rc.d/ipfw:

		firewall_client_net_ipv6, firewall_simple_iif_ipv6,
		firewall_simple_inet_ipv6, firewall_simple_oif_ipv6,
		firewall_simple_onet_ipv6, firewall_trusted_ipv6

	The meanings correspond to the relevant IPv4 variables.

20091125:
	8.0-RELEASE.

20091113:
	The default terminal emulation for syscons(4) has been changed
	from cons25 to xterm on all platforms except pc98.  This means
	that the /etc/ttys file needs to be updated to ensure correct
	operation of applications on the console.

	The terminal emulation style can be toggled per window by using
	vidcontrol(1)'s -T flag.  The TEKEN_CONS25 kernel configuration
	options can be used to change the compile-time default back to
	cons25.

	To prevent graphical artifacts, make sure the TERM environment
	variable is set to match the terminal emulation that is being
	performed by syscons(4).

20091109:
	The layout of the structure ieee80211req_scan_result has changed.
	Applications that require wireless scan results (e.g. ifconfig(8))
	from net80211 need to be recompiled.

	Applications such as wpa_supplicant(8) may require a full world
	build without using NO_CLEAN in order to get synchronized with the
	new structure.

20091025:
	The iwn(4) driver has been updated to support the 5000 and 5150 series.
	There's one kernel module for each firmware. Adding "device iwnfw"
	to the kernel configuration file means including all three firmware
	images inside the kernel. If you want to include just the one for
	your wireless card, use the devices iwn4965fw, iwn5000fw or
	iwn5150fw.

20090926:
	The rc.d/network_ipv6, IPv6 configuration script has been integrated
	into rc.d/netif.  The changes are the following:

	1. To use IPv6, simply define $ifconfig_IF_ipv6 like $ifconfig_IF
	   for IPv4.  For aliases, $ifconfig_IF_aliasN should be used.
	   Note that both variables need the "inet6" keyword at the head.

	   Do not set $ipv6_network_interfaces manually if you do not
	   understand what you are doing.  It is not needed in most cases. 

	   $ipv6_ifconfig_IF and $ipv6_ifconfig_IF_aliasN still work, but
	   they are obsolete.

	2. $ipv6_enable is obsolete.  Use $ipv6_prefer and
	   "inet6 accept_rtadv" keyword in ifconfig(8) instead.

	   If you define $ipv6_enable=YES, it means $ipv6_prefer=YES and
	   all configured interfaces have "inet6 accept_rtadv" in the
	   $ifconfig_IF_ipv6.  These are for backward compatibility.

	3. A new variable $ipv6_prefer has been added.  If NO, IPv6
	   functionality of interfaces with no corresponding
	   $ifconfig_IF_ipv6 is disabled by using "inet6 ifdisabled" flag,
	   and the default address selection policy of ip6addrctl(8) 
	   is the IPv4-preferred one (see rc.d/ip6addrctl for more details).
	   Note that if you want to configure IPv6 functionality on the
	   disabled interfaces after boot, first you need to clear the flag by
	   using ifconfig(8) like:

		ifconfig em0 inet6 -ifdisabled

	   If YES, the default address selection policy is set as
	   IPv6-preferred.

	   The default value of $ipv6_prefer is NO.

	4. If your system need to receive Router Advertisement messages,
	   define "inet6 accept_rtadv" in $ifconfig_IF_ipv6.  The rc(8)
	   scripts automatically invoke rtsol(8) when the interface becomes
	   UP.  The Router Advertisement messages are used for SLAAC
	   (State-Less Address AutoConfiguration).

20090922:
	802.11s D3.03 support was committed. This is incompatible with the
	previous code, which was based on D3.0.

20090912:
	A sysctl variable net.inet6.ip6.accept_rtadv now sets the default value
	of a per-interface flag ND6_IFF_ACCEPT_RTADV, not a global knob to
	control whether accepting Router Advertisement messages or not.
	Also, a per-interface flag ND6_IFF_AUTO_LINKLOCAL has been added and
	a sysctl variable net.inet6.ip6.auto_linklocal is its default value.
	The ifconfig(8) utility now supports these flags.

20090910:
	ZFS snapshots are now mounted with MNT_IGNORE flag. Use -v option for
	mount(8) and -a option for df(1) to see them.

20090825:
	The old tunable hw.bus.devctl_disable has been superseded by
	hw.bus.devctl_queue.  hw.bus.devctl_disable=1 in loader.conf should be
	replaced by hw.bus.devctl_queue=0.  The default for this new tunable
	is 1000.

20090813:
	Remove the option STOP_NMI.  The default action is now to use NMI only
	for KDB via the newly introduced function stop_cpus_hard() and
	maintain stop_cpus() to just use a normal IPI_STOP on ia32 and amd64.

20090803:
	The stable/8 branch created in subversion.  This corresponds to the
	RELENG_8 branch in CVS.

20090719:
	Bump the shared library version numbers for all libraries that do not
	use symbol versioning as part of the 8.0-RELEASE cycle.  Bump
	__FreeBSD_version to 800105.

20090714:
	Due to changes in the implementation of virtual network stack support,
	all network-related kernel modules must be recompiled.  As this change
	breaks the ABI, bump __FreeBSD_version to 800104.

20090713:
	The TOE interface to the TCP syncache has been modified to remove
	struct tcpopt (<netinet/tcp_var.h>) from the ABI of the network stack.
	The cxgb driver is the only TOE consumer affected by this change, and
	needs to be recompiled along with the kernel. As this change breaks
	the ABI, bump __FreeBSD_version to 800103.

20090712: 
	Padding has been added to struct tcpcb, sackhint and tcpstat in
	<netinet/tcp_var.h> to facilitate future MFCs and bug fixes whilst
	maintaining the ABI. However, this change breaks the ABI, so bump
	__FreeBSD_version to 800102. User space tools that rely on the size of
	any of these structs (e.g. sockstat) need to be recompiled.

20090630:
	The NFS_LEGACYRPC option has been removed along with the old kernel
	RPC implementation that this option selected. Kernel configurations
	may need to be adjusted.

20090629:
	The network interface device nodes at /dev/net/<interface> have been
	removed.  All ioctl operations can be performed the normal way using
	routing sockets.  The kqueue functionality can generally be replaced
	with routing sockets.

20090628:
	The documentation from the FreeBSD Documentation Project (Handbook,
	FAQ, etc.) is now installed via packages by sysinstall(8) and under
	the /usr/local/share/doc/freebsd directory instead of /usr/share/doc.

20090624:
	The ABI of various structures related to the SYSV IPC API have been
	changed.  As a result, the COMPAT_FREEBSD[456] and COMPAT_43 kernel
	options now all require COMPAT_FREEBSD7.  Bump __FreeBSD_version to
	800100.

20090622:
	Layout of struct vnet has changed as routing related variables were
	moved to their own Vimage module. Modules need to be recompiled.  Bump
	__FreeBSD_version to 800099.

20090619:
	NGROUPS_MAX and NGROUPS have been increased from 16 to 1023 and 1024
	respectively.  As long as no more than 16 groups per process are used,
	no changes should be visible.  When more than 16 groups are used, old
	binaries may fail if they call getgroups() or getgrouplist() with
	statically sized storage.  Recompiling will work around this, but
	applications should be modified to use dynamically allocated storage
	for group arrays as POSIX.1-2008 does not cap an implementation's
	number of supported groups at NGROUPS_MAX+1 as previous versions did.

	NFS and portalfs mounts may also be affected as the list of groups is
	truncated to 16.  Users of NFS who use more than 16 groups, should
	take care that negative group permissions are not used on the exported
	file systems as they will not be reliable unless a GSSAPI based
	authentication method is used.

20090616: 
	The compiling option ADAPTIVE_LOCKMGRS has been introduced.  This
	option compiles in the support for adaptive spinning for lockmgrs
	which want to enable it.  The lockinit() function now accepts the flag
	LK_ADAPTIVE in order to make the lock object subject to adaptive
	spinning when both held in write and read mode.

20090613:
	The layout of the structure returned by IEEE80211_IOC_STA_INFO has
	changed.  User applications that use this ioctl need to be rebuilt.

20090611:
	The layout of struct thread has changed.  Kernel and modules need to
	be rebuilt.

20090608:
	The layout of structs ifnet, domain, protosw and vnet_net has changed.
	Kernel modules need to be rebuilt.  Bump __FreeBSD_version to 800097.

20090602:
	window(1) has been removed from the base system. It can now be
	installed from ports. The port is called misc/window.

20090601:
	The way we are storing and accessing `routing table' entries has
	changed. Programs reading the FIB, like netstat, need to be
	re-compiled.

20090601:
	A new netisr implementation has been added for FreeBSD 8.  Network
	file system modules, such as igmp, ipdivert, and others, should be
	rebuilt.
	Bump __FreeBSD_version to 800096.

20090530:
	Remove the tunable/sysctl debug.mpsafevfs as its initial purpose is no
	more valid.

20090530:
	Add VOP_ACCESSX(9).  File system modules need to be rebuilt.
	Bump __FreeBSD_version to 800094.

20090529:
	Add mnt_xflag field to 'struct mount'.  File system modules need to be
	rebuilt.
	Bump __FreeBSD_version to 800093.

20090528:
	The compiling option ADAPTIVE_SX has been retired while it has been
	introduced the option NO_ADAPTIVE_SX which handles the reversed logic.
	The KPI for sx_init_flags() changes as accepting flags:
	SX_ADAPTIVESPIN flag has been retired while the SX_NOADAPTIVE flag has
	been introduced in order to handle the reversed logic.
	Bump __FreeBSD_version to 800092.

20090527:
	Add support for hierarchical jails.  Remove global securelevel.
	Bump __FreeBSD_version to 800091.

20090523:
	The layout of struct vnet_net has changed, therefore modules
	need to be rebuilt.
	Bump __FreeBSD_version to 800090.

20090523:
	The newly imported zic(8) produces a new format in the output. Please
	run tzsetup(8) to install the newly created data to /etc/localtime.

20090520:
	The sysctl tree for the usb stack has renamed from hw.usb2.* to
	hw.usb.* and is now consistent again with previous releases.

20090520:
	802.11 monitor mode support was revised and driver api's were changed.
	Drivers dependent on net80211 now support DLT_IEEE802_11_RADIO instead
	of DLT_IEEE802_11.  No user-visible data structures were changed but
	applications that use DLT_IEEE802_11 may require changes.
	Bump __FreeBSD_version to 800088.

20090430:
	The layout of the following structs has changed: sysctl_oid,
	socket, ifnet, inpcbinfo, tcpcb, syncache_head, vnet_inet,
	vnet_inet6 and vnet_ipfw.  Most modules need to be rebuild or
	panics may be experienced.  World rebuild is required for
	correctly checking networking state from userland.
	Bump __FreeBSD_version to 800085.

20090429:
	MLDv2 and Source-Specific Multicast (SSM) have been merged
	to the IPv6 stack. VIMAGE hooks are in but not yet used.
	The implementation of SSM within FreeBSD's IPv6 stack closely
	follows the IPv4 implementation.

	For kernel developers:

	* The most important changes are that the ip6_output() and
	  ip6_input() paths no longer take the IN6_MULTI_LOCK,
	  and this lock has been downgraded to a non-recursive mutex.

	* As with the changes to the IPv4 stack to support SSM, filtering
	  of inbound multicast traffic must now be performed by transport
	  protocols within the IPv6 stack. This does not apply to TCP and
	  SCTP, however, it does apply to UDP in IPv6 and raw IPv6.

	* The KPIs used by IPv6 multicast are similar to those used by
	  the IPv4 stack, with the following differences:
	   * im6o_mc_filter() is analogous to imo_multicast_filter().
	   * The legacy KAME entry points in6_joingroup and in6_leavegroup()
	     are shimmed to in6_mc_join() and in6_mc_leave() respectively.
	   * IN6_LOOKUP_MULTI() has been deprecated and removed.
	   * IPv6 relies on MLD for the DAD mechanism. KAME's internal KPIs
	     for MLDv1 have an additional 'timer' argument which is used to
	     jitter the initial membership report for the solicited-node
	     multicast membership on-link.
	   * This is not strictly needed for MLDv2, which already jitters
	     its report transmissions.  However, the 'timer' argument is
	     preserved in case MLDv1 is active on the interface.

	* The KAME linked-list based IPv6 membership implementation has
	  been refactored to use a vector similar to that used by the IPv4
	  stack.
	  Code which maintains a list of its own multicast memberships
	  internally, e.g. carp, has been updated to reflect the new
	  semantics.

	* There is a known Lock Order Reversal (LOR) due to in6_setscope()
	  acquiring the IF_AFDATA_LOCK and being called within ip6_output().
	  Whilst MLDv2 tries to avoid this otherwise benign LOR, it is an
	  implementation constraint which needs to be addressed in HEAD.

	For application developers:

	* The changes are broadly similar to those made for the IPv4
	  stack.

	* The use of IPv4 and IPv6 multicast socket options on the same
	  socket, using mapped addresses, HAS NOT been tested or supported.

	* There are a number of issues with the implementation of various
	  IPv6 multicast APIs which need to be resolved in the API surface
	  before the implementation is fully compatible with KAME userland
	  use, and these are mostly to do with interface index treatment.

	* The literature available discusses the use of either the delta / ASM
	  API with setsockopt(2)/getsockopt(2), or the full-state / ASM API
	  using setsourcefilter(3)/getsourcefilter(3). For more information
	  please refer to RFC 3768, 'Socket Interface Extensions for
	  Multicast Source Filters'.

	* Applications which use the published RFC 3678 APIs should be fine.

	For systems administrators:

	* The mtest(8) utility has been refactored to support IPv6, in
	  addition to IPv4. Interface addresses are no longer accepted
	  as arguments, their names must be used instead. The utility
	  will map the interface name to its first IPv4 address as
	  returned by getifaddrs(3).

	* The ifmcstat(8) utility has also been updated to print the MLDv2
	  endpoint state and source filter lists via sysctl(3).

	* The net.inet6.ip6.mcast.loop sysctl may be tuned to 0 to disable
	  loopback of IPv6 multicast datagrams by default; it defaults to 1
	  to preserve the existing behaviour. Disabling multicast loopback is
	  recommended for optimal system performance.

	* The IPv6 MROUTING code has been changed to examine this sysctl
	  instead of attempting to perform a group lookup before looping
	  back forwarded datagrams.

	Bump __FreeBSD_version to 800084.

20090422:
	Implement low-level Bluetooth HCI API.
	Bump __FreeBSD_version to 800083.

20090419:
	The layout of struct malloc_type, used by modules to register new
	memory allocation types, has changed.  Most modules will need to
	be rebuilt or panics may be experienced.
	Bump __FreeBSD_version to 800081.

20090415:
	Anticipate overflowing inp_flags - add inp_flags2.
	This changes most offsets in inpcb, so checking v4 connection
	state will require a world rebuild.
	Bump __FreeBSD_version to 800080.

20090415:
	Add an llentry to struct route and struct route_in6. Modules
	embedding a struct route will need to be recompiled.
	Bump __FreeBSD_version to 800079.

20090414:
	The size of rt_metrics_lite and by extension rtentry has changed.
	Networking administration apps will need to be recompiled.
	The route command now supports show as an alias for get, weighting
	of routes, sticky and nostick flags to alter the behavior of stateful
	load balancing.
	Bump __FreeBSD_version to 800078.

20090408:
	Do not use Giant for kbdmux(4) locking. This is wrong and
	apparently causing more problems than it solves. This will
	re-open the issue where interrupt handlers may race with
	kbdmux(4) in polling mode. Typical symptoms include (but
	not limited to) duplicated and/or missing characters when
	low level console functions (such as gets) are used while
	interrupts are enabled (for example geli password prompt,
	mountroot prompt etc.). Disabling kbdmux(4) may help.

20090407:
	The size of structs vnet_net, vnet_inet and vnet_ipfw has changed;
	kernel modules referencing any of the above need to be recompiled.
	Bump __FreeBSD_version to 800075.

20090320:
	GEOM_PART has become the default partition slicer for storage devices,
	replacing GEOM_MBR, GEOM_BSD, GEOM_PC98 and GEOM_GPT slicers. It
	introduces some changes:

	MSDOS/EBR: the devices created from MSDOS extended partition entries
	(EBR) can be named differently than with GEOM_MBR and are now symlinks
	to devices with offset-based names. fstabs may need to be modified.

	BSD: the "geometry does not match label" warning is harmless in most
	cases but it points to problems in file system misalignment with
	disk geometry. The "c" partition is now implicit, covers the whole
	top-level drive and cannot be (mis)used by users.

	General: Kernel dumps are now not allowed to be written to devices
	whose partition types indicate they are meant to be used for file
	systems (or, in case of MSDOS partitions, as something else than
	the "386BSD" type).

	Most of these changes date approximately from 200812.

20090319:
	The uscanner(4) driver has been removed from the kernel. This follows
	Linux removing theirs in 2.6 and making libusb the default interface
	(supported by sane).

20090319:
	The multicast forwarding code has been cleaned up. netstat(1)
	only relies on KVM now for printing bandwidth upcall meters.
	The IPv4 and IPv6 modules are split into ip_mroute_mod and
	ip6_mroute_mod respectively. The config(5) options for statically
	compiling this code remain the same, i.e. 'options MROUTING'.

20090315:
	Support for the IFF_NEEDSGIANT network interface flag has been
	removed, which means that non-MPSAFE network device drivers are no
	longer supported.  In particular, if_ar, if_sr, and network device
	drivers from the old (legacy) USB stack can no longer be built or
	used.

20090313:
	POSIX.1 Native Language Support (NLS) has been enabled in libc and
	a bunch of new language catalog files have also been added.
	This means that some common libc messages are now localized and
	they depend on the LC_MESSAGES environmental variable.

20090313:
	The k8temp(4) driver has been renamed to amdtemp(4) since
	support for Family 10 and Family 11 CPU families was added.

20090309:
	IGMPv3 and Source-Specific Multicast (SSM) have been merged
	to the IPv4 stack. VIMAGE hooks are in but not yet used.

	For kernel developers, the most important changes are that the
	ip_output() and ip_input() paths no longer take the IN_MULTI_LOCK(),
	and this lock has been downgraded to a non-recursive mutex.

	Transport protocols (UDP, Raw IP) are now responsible for filtering
	inbound multicast traffic according to group membership and source
	filters. The imo_multicast_filter() KPI exists for this purpose.
	Transports which do not use multicast (SCTP, TCP) already reject
	multicast by default. Forwarding and receive performance may improve
	as a mutex acquisition is no longer needed in the ip_input()
	low-level input path.  in_addmulti() and in_delmulti() are shimmed
	to new KPIs which exist to support SSM in-kernel.

	For application developers, it is recommended that loopback of
	multicast datagrams be disabled for best performance, as this
	will still cause the lock to be taken for each looped-back
	datagram transmission. The net.inet.ip.mcast.loop sysctl may
	be tuned to 0 to disable loopback by default; it defaults to 1
	to preserve the existing behaviour.

	For systems administrators, to obtain best performance with
	multicast reception and multiple groups, it is always recommended
	that a card with a suitably precise hash filter is used. Hash
	collisions will still result in the lock being taken within the
	transport protocol input path to check group membership.

	If deploying FreeBSD in an environment with IGMP snooping switches,
	it is recommended that the net.inet.igmp.sendlocal sysctl remain
	enabled; this forces 224.0.0.0/24 group membership to be announced
	via IGMP.

	The size of 'struct igmpstat' has changed; netstat needs to be
	recompiled to reflect this.
	Bump __FreeBSD_version to 800070.

20090309:
	libusb20.so.1 is now installed as libusb.so.1 and the ports system
	updated to use it. This requires a buildworld/installworld in order to
	update the library and dependencies (usbconfig, etc). Its advisable to
	rebuild all ports which uses libusb. More specific directions are given
	in the ports collection UPDATING file. Any /etc/libmap.conf entries for
	libusb are no longer required and can be removed.

20090302:
	A workaround is committed to allow the creation of System V shared
	memory segment of size > 2 GB on the 64-bit architectures.
	Due to a limitation of the existing ABI, the shm_segsz member
	of the struct shmid_ds, returned by shmctl(IPC_STAT) call is
	wrong for large segments. Note that limits must be explicitly
	raised to allow such segments to be created.

20090301:
	The layout of struct ifnet has changed, requiring a rebuild of all
	network device driver modules.

20090227:
	The /dev handling for the new USB stack has changed, a
	buildworld/installworld is required for libusb20.

20090223:
	The new USB2 stack has now been permanently moved in and all kernel and
	module names reverted to their previous values (eg, usb, ehci, ohci,
	ums, ...).  The old usb stack can be compiled in by prefixing the name
	with the letter 'o', the old usb modules have been removed.
	Updating entry 20090216 for xorg and 20090215 for libmap may still
	apply.

20090217:
	The rc.conf(5) option if_up_delay has been renamed to
	defaultroute_delay to better reflect its purpose. If you have
	customized this setting in /etc/rc.conf you need to update it to
	use the new name.

20090216:
	xorg 7.4 wants to configure its input devices via hald which does not
	yet work with USB2. If the keyboard/mouse does not work in xorg then
	add
		Option "AllowEmptyInput" "off"
	to your ServerLayout section.  This will cause X to use the configured
	kbd and mouse sections from your xorg.conf.

20090215:
	The GENERIC kernels for all architectures now default to the new USB2
	stack. No kernel config options or code have been removed so if a
	problem arises please report it and optionally revert to the old USB
	stack. If you are loading USB kernel modules or have a custom kernel
	that includes GENERIC then ensure that usb names are also changed over,
	eg uftdi -> usb2_serial_ftdi.

	Older programs linked against the ports libusb 0.1 need to be
	redirected to the new stack's libusb20.  /etc/libmap.conf can
	be used for this:
		# Map old usb library to new one for usb2 stack
		libusb-0.1.so.8	libusb20.so.1

20090209:
	All USB ethernet devices now attach as interfaces under the name ueN
	(eg. ue0). This is to provide a predictable name as vendors often
	change usb chipsets in a product without notice.

20090203:
	The ichsmb(4) driver has been changed to require SMBus slave
	addresses be left-justified (xxxxxxx0b) rather than right-justified.
	All of the other SMBus controller drivers require left-justified
	slave addresses, so this change makes all the drivers provide the
	same interface.

20090201:
	INET6 statistics (struct ip6stat) was updated.
	netstat(1) needs to be recompiled.

20090119:
	NTFS has been removed from GENERIC kernel on amd64 to match
	GENERIC on i386. Should not cause any issues since mount_ntfs(8)
	will load ntfs.ko module automatically when NTFS support is
	actually needed, unless ntfs.ko is not installed or security
	level prohibits loading kernel modules. If either is the case,
	"options NTFS" has to be added into kernel config.

20090115:
	TCP Appropriate Byte Counting (RFC 3465) support added to kernel.
	New field in struct tcpcb breaks ABI, so bump __FreeBSD_version to
	800061. User space tools that rely on the size of struct tcpcb in
	tcp_var.h (e.g. sockstat) need to be recompiled.

20081225:
	ng_tty(4) module updated to match the new TTY subsystem.
	Due to API change, user-level applications must be updated.
	New API support added to mpd5 CVS and expected to be present
	in next mpd5.3 release.

20081219:
	With __FreeBSD_version 800060 the makefs tool is part of
	the base system (it was a port).

20081216:
	The afdata and ifnet locks have been changed from mutexes to
	rwlocks, network modules will need to be re-compiled.

20081214:
	__FreeBSD_version 800059 incorporates the new arp-v2 rewrite.
	RTF_CLONING, RTF_LLINFO and RTF_WASCLONED flags are eliminated.
	The new code reduced struct rtentry{} by 16 bytes on 32-bit
	architecture and 40 bytes on 64-bit architecture. The userland
	applications "arp" and "ndp" have been updated accordingly.
	The output from "netstat -r" shows only routing entries and
	none of the L2 information.

20081130:
	__FreeBSD_version 800057 marks the switchover from the
	binary ath hal to source code. Users must add the line:

	options	AH_SUPPORT_AR5416

	to their kernel config files when specifying:

	device	ath_hal

	The ath_hal module no longer exists; the code is now compiled
	together with the driver in the ath module.  It is now
	possible to tailor chip support (i.e. reduce the set of chips
	and thereby the code size); consult ath_hal(4) for details.

20081121:
	__FreeBSD_version 800054 adds memory barriers to
	<machine/atomic.h>, new interfaces to ifnet to facilitate
	multiple hardware transmit queues for cards that support
	them, and a lock-less ring-buffer implementation to
	enable drivers to more efficiently manage queueing of
	packets.

20081117:
	A new version of ZFS (version 13) has been merged to -HEAD.
	This version has zpool attribute "listsnapshots" off by
	default, which means "zfs list" does not show snapshots,
	and is the same as Solaris behavior.

20081028:
	dummynet(4) ABI has changed. ipfw(8) needs to be recompiled.

20081009:
	The uhci, ohci, ehci and slhci USB Host controller drivers have
	been put into separate modules. If you load the usb module
	separately through loader.conf you will need to load the
	appropriate *hci module as well. E.g. for a UHCI-based USB 2.0
	controller add the following to loader.conf:

		uhci_load="YES"
		ehci_load="YES"

20081009:
	The ABI used by the PMC toolset has changed.  Please keep
	userland (libpmc(3)) and the kernel module (hwpmc(4)) in
	sync.

20081009:
	atapci kernel module now includes only generic PCI ATA
	driver. AHCI driver moved to ataahci kernel module.
	All vendor-specific code moved into separate kernel modules:
	ataacard, ataacerlabs, ataadaptec, ataamd, ataati, atacenatek,
	atacypress, atacyrix, atahighpoint, ataintel, ataite, atajmicron,
	atamarvell, atamicron, atanational, atanetcell, atanvidia,
	atapromise, ataserverworks, atasiliconimage, atasis, atavia

20080820:
	The TTY subsystem of the kernel has been replaced by a new
	implementation, which provides better scalability and an
	improved driver model. Most common drivers have been migrated to
	the new TTY subsystem, while others have not. The following
	drivers have not yet been ported to the new TTY layer:

	PCI/ISA:
		cy, digi, rc, rp, sio

	USB:
		ubser, ucycom

	Line disciplines:
		ng_h4, ng_tty, ppp, sl, snp

	Adding these drivers to your kernel configuration file shall
	cause compilation to fail.

20080818:
	ntpd has been upgraded to 4.2.4p5.

20080801:
	OpenSSH has been upgraded to 5.1p1.

	For many years, FreeBSD's version of OpenSSH preferred DSA
	over RSA for host and user authentication keys.  With this
	upgrade, we've switched to the vendor's default of RSA over
	DSA.  This may cause upgraded clients to warn about unknown
	host keys even for previously known hosts.  Users should
	follow the usual procedure for verifying host keys before
	accepting the RSA key.

	This can be circumvented by setting the "HostKeyAlgorithms"
	option to "ssh-dss,ssh-rsa" in ~/.ssh/config or on the ssh
	command line.

	Please note that the sequence of keys offered for
	authentication has been changed as well.  You may want to
	specify IdentityFile in a different order to revert this
	behavior.

20080713:
	The sio(4) driver has been removed from the i386 and amd64
	kernel configuration files. This means uart(4) is now the
	default serial port driver on those platforms as well.

	To prevent collisions with the sio(4) driver, the uart(4) driver
	uses different names for its device nodes. This means the
	onboard serial port will now most likely be called "ttyu0"
	instead of "ttyd0". You may need to reconfigure applications to
	use the new device names.

	When using the serial port as a boot console, be sure to update
	/boot/device.hints and /etc/ttys before booting the new kernel.
	If you forget to do so, you can still manually specify the hints
	at the loader prompt:

		set hint.uart.0.at="isa"
		set hint.uart.0.port="0x3F8"
		set hint.uart.0.flags="0x10"
		set hint.uart.0.irq="4"
		boot -s

20080609:
	The gpt(8) utility has been removed. Use gpart(8) to partition
	disks instead.

20080603:
	The version that Linuxulator emulates was changed from 2.4.2
	to 2.6.16. If you experience any problems with Linux binaries
	please try to set sysctl compat.linux.osrelease to 2.4.2 and
	if it fixes the problem contact emulation mailing list.

20080525:
	ISDN4BSD (I4B) was removed from the src tree. You may need to
	update a your kernel configuration and remove relevant entries.

20080509:
	I have checked in code to support multiple routing tables.
	See the man pages setfib(1) and setfib(2).
	This is a hopefully backwards compatible version,
	but to make use of it you need to compile your kernel
	with options ROUTETABLES=2 (or more up to 16).

20080420:
	The 802.11 wireless support was redone to enable multi-bss
	operation on devices that are capable.  The underlying device
	is no longer used directly but instead wlanX devices are
	cloned with ifconfig.  This requires changes to rc.conf files.
	For example, change:
		ifconfig_ath0="WPA DHCP"
	to
		wlans_ath0=wlan0
		ifconfig_wlan0="WPA DHCP"
	see rc.conf(5) for more details.  In addition, mergemaster of
	/etc/rc.d is highly recommended.  Simultaneous update of userland
	and kernel wouldn't hurt either.

	As part of the multi-bss changes the wlan_scan_ap and wlan_scan_sta
	modules were merged into the base wlan module.  All references
	to these modules (e.g. in kernel config files) must be removed.

20080408:
	psm(4) has gained write(2) support in native operation level.
	Arbitrary commands can be written to /dev/psm%d and status can
	be read back from it.  Therefore, an application is responsible
	for status validation and error recovery.  It is a no-op in
	other operation levels.

20080312:
	Support for KSE threading has been removed from the kernel.  To
	run legacy applications linked against KSE libmap.conf may
	be used.  The following libmap.conf may be used to ensure
	compatibility with any prior release:

	libpthread.so.1 libthr.so.1
	libpthread.so.2 libthr.so.2
	libkse.so.3 libthr.so.3

20080301:
	The layout of struct vmspace has changed. This affects libkvm
	and any executables that link against libkvm and use the
	kvm_getprocs() function. In particular, but not exclusively,
	it affects ps(1), fstat(1), pkill(1), systat(1), top(1) and w(1).
	The effects are minimal, but it's advisable to upgrade world
	nonetheless.

20080229:
	The latest em driver no longer has support in it for the
	82575 adapter, this is now moved to the igb driver. The
	split was done to make new features that are incompatible
	with older hardware easier to do.

20080220:
	The new geom_lvm(4) geom class has been renamed to geom_linux_lvm(4),
	likewise the kernel option is now GEOM_LINUX_LVM.

20080211:
	The default NFS mount mode has changed from UDP to TCP for
	increased reliability.  If you rely on (insecurely) NFS
	mounting across a firewall you may need to update your
	firewall rules.

20080208:
	Belatedly note the addition of m_collapse for compacting
	mbuf chains.

20080126:
	The fts(3) structures have been changed to use adequate
	integer types for their members and so to be able to cope
	with huge file trees.  The old fts(3) ABI is preserved
	through symbol versioning in libc, so third-party binaries
	using fts(3) should still work, although they will not take
	advantage of the extended types.  At the same time, some
	third-party software might fail to build after this change
	due to unportable assumptions made in its source code about
	fts(3) structure members.  Such software should be fixed
	by its vendor or, in the worst case, in the ports tree.
	FreeBSD_version 800015 marks this change for the unlikely
	case that a portable fix is impossible.

20080123:
	To upgrade to -current after this date, you must be running
	FreeBSD not older than 6.0-RELEASE.  Upgrading to -current
	from 5.x now requires a stop over at RELENG_6 or RELENG_7 systems.

20071128:
	The ADAPTIVE_GIANT kernel option has been retired because its
	functionality is the default now.

20071118:
	The AT keyboard emulation of sunkbd(4) has been turned on
	by default. In order to make the special symbols of the Sun
	keyboards driven by sunkbd(4) work under X these now have
	to be configured the same way as Sun USB keyboards driven
	by ukbd(4) (which also does AT keyboard emulation), f.e.:

	Option	"XkbLayout" "us"
	Option	"XkbRules" "xorg"
	Option	"XkbSymbols" "pc(pc105)+sun_vndr/usb(sun_usb)+us"

20071024:
	It has been decided that it is desirable to provide ABI
	backwards compatibility to the FreeBSD 4/5/6 versions of the
	PCIOCGETCONF, PCIOCREAD and PCIOCWRITE IOCTLs, which was
	broken with the introduction of PCI domain support (see the
	20070930 entry). Unfortunately, this required the ABI of
	PCIOCGETCONF to be broken again in order to be able to
	provide backwards compatibility to the old version of that
	IOCTL. Thus consumers of PCIOCGETCONF have to be recompiled
	again. As for prominent ports this affects neither pciutils
	nor xorg-server this time, the hal port needs to be rebuilt
	however.

20071020:
	The misnamed kthread_create() and friends have been renamed
	to kproc_create() etc. Many of the callers already
	used kproc_start()..
	I will return kthread_create() and friends in a while
	with implementations that actually create threads, not procs.
	Renaming corresponds with version 800002.

20071010:
	RELENG_7 branched.

COMMON ITEMS:

	General Notes
	-------------
	Avoid using make -j when upgrading.  While generally safe, there are
	sometimes problems using -j to upgrade.  If your upgrade fails with
	-j, please try again without -j.  From time to time in the past there
	have been problems using -j with buildworld and/or installworld.  This
	is especially true when upgrading between "distant" versions (eg one
	that cross a major release boundary or several minor releases, or when
	several months have passed on the -current branch).

	Sometimes, obscure build problems are the result of environment
	poisoning.  This can happen because the make utility reads its
	environment when searching for values for global variables.  To run
	your build attempts in an "environmental clean room", prefix all make
	commands with 'env -i '.  See the env(1) manual page for more details.

	When upgrading from one major version to another it is generally best
	to upgrade to the latest code in the currently installed branch first,
	then do an upgrade to the new branch. This is the best-tested upgrade
	path, and has the highest probability of being successful.  Please try
	this approach before reporting problems with a major version upgrade.

	When upgrading a live system, having a root shell around before
	installing anything can help undo problems. Not having a root shell
	around can lead to problems if pam has changed too much from your
	starting point to allow continued authentication after the upgrade.

	ZFS notes
	---------
	When upgrading the boot ZFS pool to a new version, always follow
	these two steps:

	1.) recompile and reinstall the ZFS boot loader and boot block
	(this is part of "make buildworld" and "make installworld")

	2.) update the ZFS boot block on your boot drive

	The following example updates the ZFS boot block on the first
	partition (freebsd-boot) of a GPT partitioned drive ad0:
	"gpart bootcode -p /boot/gptzfsboot -i 1 ad0"

	Non-boot pools do not need these updates.

	To build a kernel
	-----------------
	If you are updating from a prior version of FreeBSD (even one just
	a few days old), you should follow this procedure.  It is the most
	failsafe as it uses a /usr/obj tree with a fresh mini-buildworld,

	make kernel-toolchain
	make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
	make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE

	To test a kernel once
	---------------------
	If you just want to boot a kernel once (because you are not sure
	if it works, or if you want to boot a known bad kernel to provide
	debugging information) run
	make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel
	nextboot -k testkernel

	To just build a kernel when you know that it won't mess you up
	--------------------------------------------------------------
	This assumes you are already running a CURRENT system.  Replace
	${arch} with the architecture of your machine (e.g. "i386",
	"arm", "amd64", "ia64", "pc98", "sparc64", "powerpc", "mips", etc).

	cd src/sys/${arch}/conf
	config KERNEL_NAME_HERE
	cd ../compile/KERNEL_NAME_HERE
	make depend
	make
	make install

	If this fails, go to the "To build a kernel" section.

	To rebuild everything and install it on the current system.
	-----------------------------------------------------------
	# Note: sometimes if you are running current you gotta do more than
	# is listed here if you are upgrading from a really old current.

	<make sure you have good level 0 dumps>
	make buildworld
	make kernel KERNCONF=YOUR_KERNEL_HERE
							[1]
	<reboot in single user>				[3]
	mergemaster -p					[5]
	make installworld
	mergemaster -i					[4]
	make delete-old					[6]
	<reboot>

	To cross-install current onto a separate partition
	--------------------------------------------------
	# In this approach we use a separate partition to hold
	# current's root, 'usr', and 'var' directories.   A partition
	# holding "/", "/usr" and "/var" should be about 2GB in
	# size.

	<make sure you have good level 0 dumps>
	<boot into -stable>
	make buildworld
	make buildkernel KERNCONF=YOUR_KERNEL_HERE
	<maybe newfs current's root partition>
	<mount current's root partition on directory ${CURRENT_ROOT}>
	make installworld DESTDIR=${CURRENT_ROOT}
	make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd
	make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT}
	cp /etc/fstab ${CURRENT_ROOT}/etc/fstab 		   # if newfs'd
	<edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition>
	<reboot into current>
	<do a "native" rebuild/install as described in the previous section>
	<maybe install compatibility libraries from ports/misc/compat*>
	<reboot>


	To upgrade in-place from stable to current
	----------------------------------------------
	<make sure you have good level 0 dumps>
	make buildworld					[9]
	make kernel KERNCONF=YOUR_KERNEL_HERE		[8]
							[1]
	<reboot in single user>				[3]
	mergemaster -p					[5]
	make installworld
	mergemaster -i					[4]
	make delete-old					[6]
	<reboot>

	Make sure that you've read the UPDATING file to understand the
	tweaks to various things you need.  At this point in the life
	cycle of current, things change often and you are on your own
	to cope.  The defaults can also change, so please read ALL of
	the UPDATING entries.

	Also, if you are tracking -current, you must be subscribed to
	freebsd-current@freebsd.org.  Make sure that before you update
	your sources that you have read and understood all the recent
	messages there.  If in doubt, please track -stable which has
	much fewer pitfalls.

	[1] If you have third party modules, such as vmware, you
	should disable them at this point so they don't crash your
	system on reboot.

	[3] From the bootblocks, boot -s, and then do
		fsck -p
		mount -u /
		mount -a
		cd src
		adjkerntz -i		# if CMOS is wall time
	Also, when doing a major release upgrade, it is required that
	you boot into single user mode to do the installworld.

	[4] Note: This step is non-optional.  Failure to do this step
	can result in a significant reduction in the functionality of the
	system.  Attempting to do it by hand is not recommended and those
	that pursue this avenue should read this file carefully, as well
	as the archives of freebsd-current and freebsd-hackers mailing lists
	for potential gotchas.  The -U option is also useful to consider.
	See mergemaster(8) for more information.

	[5] Usually this step is a noop.  However, from time to time
	you may need to do this if you get unknown user in the following
	step.  It never hurts to do it all the time.  You may need to
	install a new mergemaster (cd src/usr.sbin/mergemaster && make
	install) after the buildworld before this step if you last updated
	from current before 20130425 or from -stable before 20130430.

	[6] This only deletes old files and directories. Old libraries
	can be deleted by "make delete-old-libs", but you have to make
	sure that no program is using those libraries anymore.

	[8] In order to have a kernel that can run the 4.x binaries needed to
	do an installworld, you must include the COMPAT_FREEBSD4 option in
	your kernel.  Failure to do so may leave you with a system that is
	hard to boot to recover. A similar kernel option COMPAT_FREEBSD5 is
	required to run the 5.x binaries on more recent kernels.  And so on
	for COMPAT_FREEBSD6 and COMPAT_FREEBSD7.

	Make sure that you merge any new devices from GENERIC since the
	last time you updated your kernel config file.

	[9] When checking out sources, you must include the -P flag to have
	cvs prune empty directories.

	If CPUTYPE is defined in your /etc/make.conf, make sure to use the
	"?=" instead of the "=" assignment operator, so that buildworld can
	override the CPUTYPE if it needs to.

	MAKEOBJDIRPREFIX must be defined in an environment variable, and
	not on the command line, or in /etc/make.conf.  buildworld will
	warn if it is improperly defined.
FORMAT:

This file contains a list, in reverse chronological order, of major
breakages in tracking -current.  It is not guaranteed to be a complete
list of such breakages, and only contains entries since October 10, 2007.
If you need to see UPDATING entries from before that date, you will need
to fetch an UPDATING file from an older FreeBSD release.

Copyright information:

Copyright 1998-2009 M. Warner Losh.  All Rights Reserved.

Redistribution, publication, translation and use, with or without
modification, in full or in part, in any form or format of this
document are permitted without further permission from the author.

THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED.  IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.

Contact Warner Losh if you have any questions about your use of
this document.

$FreeBSD: releng/10.1/UPDATING 284536 2015-06-18 05:36:45Z delphij $