UPDATING revision 322343
1Updating Information for FreeBSD current users. 2 3This file is maintained and copyrighted by M. Warner Losh <imp@freebsd.org>. 4See end of file for further details. For commonly done items, please see the 5COMMON ITEMS: section later in the file. These instructions assume that you 6basically know what you are doing. If not, then please consult the FreeBSD 7handbook: 8 9 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html 10 11Items affecting the ports and packages system can be found in 12/usr/ports/UPDATING. Please read that file before running portupgrade. 13 14NOTE: FreeBSD has switched from gcc to clang. If you have trouble bootstrapping 15from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to 16the tip of head, and then rebuild without this option. The bootstrap process 17from older version of current across the gcc/clang cutover is a bit fragile. 18 1920170810 p12 FreeBSD-SA-17:06.openssh 20 FreeBSD-EN-17:07.vnet 21 22 Fix OpenSSH Denial of Service vulnerability. [SA-17:06] 23 24 Fix VNET kernel panic with asynchronous I/O. [EN-17:07] 25 2620170712 p11 FreeBSD-SA-17:05.heimdal 27 28 Fix heimdal KDC-REP service name validation vulnerability. 29 3020170427 p10 FreeBSD-SA-17:04.ipfilter 31 32 Fix ipfilter(4) fragment handling panic. [SA-17:04] 33 3420170412 p9 FreeBSD-SA-17:03.ntp 35 FreeBSD-EN-17:05.xen 36 37 Fix multiple vulnerabilities of ntp. [SA-17:03] 38 39 Xen migration enhancements. [EN-17:05] 40 4120170223 p8 FreeBSD-SA-17:02.openssl 42 FreeBSD-EN-17:01.pcie 43 FreeBSD-EN-17:02.yp 44 FreeBSD-EN-17:03.hyperv 45 FreeBSD-EN-17:04.mandoc 46 47 Fix multiple vulnerabilities of OpenSSL. [SA-17:02] 48 49 Fix system hang when booting when PCI-express HotPlug is enabled. 50 [EN-17:01] 51 52 Fix NIS master updates are not pushed to NIS slave. [EN-17:02] 53 54 Fix compatibility with Hyper-V/storage after KB3172614 or 55 KB3179574. [EN-17:03] 56 57 Make makewhatis output reproducible. [EN-17:04] 58 5920170111 p7 FreeBSD-SA-17:01.openssh 60 61 Fix multiple vulnerabilities of OpenSSH. 62 6320161222 p6 FreeBSD-SA-16:39.ntp 64 65 Fix multiple vulnerabilities of ntp. 66 6720161208 p5 FreeBSD-SA-16:37.libc [revised] 68 69 Fix regressions introduced by SA-16:37.libc. 70 7120161206 p4 FreeBSD-SA-16:36.telnetd 72 FreeBSD-SA-16:37.libc 73 FreeBSD-SA-16:38.bhyve 74 FreeBSD-EN-16:19.tzcode 75 FreeBSD-EN-16:20.tzdata 76 FreeBSD-EN-16:21.localedef 77 78 Fix possible login(1) argument injection in telnetd(8). [SA-16:36] 79 Fix link_ntoa(3) buffer overflow in libc. [SA-16:37] 80 Fix possible escape from bhyve(8) virtual machine. [SA-16:38] 81 Fix warnings about valid time zone abbreviations. [EN-16:19] 82 Update timezone database information. [EN-16:20] 83 Fix incorrectly defined unicode character(s). [EN-16:21] 84 8520161102 p3 FreeBSD-SA-16:33.openssh 86 87 Fix Fix OpenSSH remote Denial of Service vulnerability. 88 8920161025 p2 FreeBSD-SA-16:15.sysarch [revised] 90 FreeBSD-SA-16:32.bhyve 91 92 Fix incorrect argument validation in sysarch(2). [SA-16:15] 93 Fix access to host memory from guest in bhyve(8). [SA-16:32] 94 9520160928: 96 11.0-RELEASE. 97 9820160622: 99 The libc stub for the pipe(2) system call has been replaced with 100 a wrapper that calls the pipe2(2) system call and the pipe(2) 101 system call is now only implemented by the kernels that include 102 "options COMPAT_FREEBSD10" in their config file (this is the 103 default). Users should ensure that this option is enabled in 104 their kernel or upgrade userspace to r302092 before upgrading their 105 kernel. 106 10720160527: 108 CAM will now strip leading spaces from SCSI disks' serial numbers. 109 This will effect users who create UFS filesystems on SCSI disks using 110 those disk's diskid device nodes. For example, if /etc/fstab 111 previously contained a line like 112 "/dev/diskid/DISK-%20%20%20%20%20%20%20ABCDEFG0123456", you should 113 change it to "/dev/diskid/DISK-ABCDEFG0123456". Users of geom 114 transforms like gmirror may also be affected. ZFS users should 115 generally be fine. 116 11720160523: 118 The bitstring(3) API has been updated with new functionality and 119 improved performance. But it is binary-incompatible with the old API. 120 Objects built with the new headers may not be linked against objects 121 built with the old headers. 122 12320160520: 124 The brk and sbrk functions have been removed from libc on arm64. 125 Binutils from ports has been updated to not link to these 126 functions and should be updated to the latest version before 127 installing a new libc. 128 12920160517: 130 The armv6 port now defaults to hard float ABI. Limited support 131 for running both hardfloat and soft float on the same system 132 is available using the libraries installed with -DWITH_LIBSOFT. 133 This has only been tested as an upgrade path for installworld 134 and packages may fail or need manual intervention to run. New 135 packages will be needed. 136 137 To update an existing self-hosted armv6hf system, you must add 138 TARGET_ARCH=armv6 on the make command line for both the build 139 and the install steps. 140 14120160510: 142 Kernel modules compiled outside of a kernel build now default to 143 installing to /boot/modules instead of /boot/kernel. Many kernel 144 modules built this way (such as those in ports) already overrode 145 KMODDIR explicitly to install into /boot/modules. However, 146 manually building and installing a module from /sys/modules will 147 now install to /boot/modules instead of /boot/kernel. 148 14920160414: 150 The CAM I/O scheduler has been committed to the kernel. There should be 151 no user visible impact. This does enable NCQ Trim on ada SSDs. While the 152 list of known rogues that claim support for this but actually corrupt 153 data is believed to be complete, be on the lookout for data 154 corruption. The known rogue list is believed to be complete: 155 156 o Crucial MX100, M550 drives with MU01 firmware. 157 o Micron M510 and M550 drives with MU01 firmware. 158 o Micron M500 prior to MU07 firmware 159 o Samsung 830, 840, and 850 all firmwares 160 o FCCT M500 all firmwares 161 162 Crucial has firmware http://www.crucial.com/usa/en/support-ssd-firmware 163 with working NCQ TRIM. For Micron branded drives, see your sales rep for 164 updated firmware. Black listed drives will work correctly because these 165 drives work correctly so long as no NCQ TRIMs are sent to them. Given 166 this list is the same as found in Linux, it's believed there are no 167 other rogues in the market place. All other models from the above 168 vendors work. 169 170 To be safe, if you are at all concerned, you can quirk each of your 171 drives to prevent NCQ from being sent by setting: 172 kern.cam.ada.X.quirks="0x2" 173 in loader.conf. If the drive requires the 4k sector quirk, set the 174 quirks entry to 0x3. 175 17620160330: 177 The FAST_DEPEND build option has been removed and its functionality is 178 now the one true way. The old mkdep(1) style of 'make depend' has 179 been removed. See 20160311 for further details. 180 18120160317: 182 Resource range types have grown from unsigned long to uintmax_t. All 183 drivers, and anything using libdevinfo, need to be recompiled. 184 18520160311: 186 WITH_FAST_DEPEND is now enabled by default for in-tree and out-of-tree 187 builds. It no longer runs mkdep(1) during 'make depend', and the 188 'make depend' stage can safely be skipped now as it is auto ran 189 when building 'make all' and will generate all SRCS and DPSRCS before 190 building anything else. Dependencies are gathered at compile time with 191 -MF flags kept in separate .depend files per object file. Users should 192 run 'make cleandepend' once if using -DNO_CLEAN to clean out older 193 stale .depend files. 194 19520160306: 196 On amd64, clang 3.8.0 can now insert sections of type AMD64_UNWIND into 197 kernel modules. Therefore, if you load any kernel modules at boot time, 198 please install the boot loaders after you install the kernel, but before 199 rebooting, e.g.: 200 201 make buildworld 202 make kernel KERNCONF=YOUR_KERNEL_HERE 203 make -C sys/boot install 204 <reboot in single user> 205 206 Then follow the usual steps, described in the General Notes section, 207 below. 208 20920160305: 210 Clang, llvm, lldb and compiler-rt have been upgraded to 3.8.0. Please 211 see the 20141231 entry below for information about prerequisites and 212 upgrading, if you are not already using clang 3.5.0 or higher. 213 21420160301: 215 The AIO subsystem is now a standard part of the kernel. The 216 VFS_AIO kernel option and aio.ko kernel module have been removed. 217 Due to stability concerns, asynchronous I/O requests are only 218 permitted on sockets and raw disks by default. To enable 219 asynchronous I/O requests on all file types, set the 220 vfs.aio.enable_unsafe sysctl to a non-zero value. 221 22220160226: 223 The ELF object manipulation tool objcopy is now provided by the 224 ELF Tool Chain project rather than by GNU binutils. It should be a 225 drop-in replacement, with the addition of arm64 support. The 226 (temporary) src.conf knob WITHOUT_ELFCOPY_AS_OBJCOPY knob may be set 227 to obtain the GNU version if necessary. 228 22920160129: 230 Building ZFS pools on top of zvols is prohibited by default. That 231 feature has never worked safely; it's always been prone to deadlocks. 232 Using a zvol as the backing store for a VM guest's virtual disk will 233 still work, even if the guest is using ZFS. Legacy behavior can be 234 restored by setting vfs.zfs.vol.recursive=1. 235 23620160119: 237 The NONE and HPN patches has been removed from OpenSSH. They are 238 still available in the security/openssh-portable port. 239 24020160113: 241 With the addition of ypldap(8), a new _ypldap user is now required 242 during installworld. "mergemaster -p" can be used to add the user 243 prior to installworld, as documented in the handbook. 244 24520151216: 246 The tftp loader (pxeboot) now uses the option root-path directive. As a 247 consequence it no longer looks for a pxeboot.4th file on the tftp 248 server. Instead it uses the regular /boot infrastructure as with the 249 other loaders. 250 25120151211: 252 The code to start recording plug and play data into the modules has 253 been committed. While the old tools will properly build a new kernel, 254 a number of warnings about "unknown metadata record 4" will be produced 255 for an older kldxref. To avoid such warnings, make sure to rebuild 256 the kernel toolchain (or world). Make sure that you have r292078 or 257 later when trying to build 292077 or later before rebuilding. 258 25920151207: 260 Debug data files are now built by default with 'make buildworld' and 261 installed with 'make installworld'. This facilitates debugging but 262 requires more disk space both during the build and for the installed 263 world. Debug files may be disabled by setting WITHOUT_DEBUG_FILES=yes 264 in src.conf(5). 265 26620151130: 267 r291527 changed the internal interface between the nfsd.ko and 268 nfscommon.ko modules. As such, they must both be upgraded to-gether. 269 __FreeBSD_version has been bumped because of this. 270 27120151108: 272 Add support for unicode collation strings leads to a change of 273 order of files listed by ls(1) for example. To get back to the old 274 behaviour, set LC_COLLATE environment variable to "C". 275 276 Databases administrators will need to reindex their databases given 277 collation results will be different. 278 279 Due to a bug in install(1) it is recommended to remove the ancient 280 locales before running make installworld. 281 282 rm -rf /usr/share/locale/* 283 28420151030: 285 The OpenSSL has been upgraded to 1.0.2d. Any binaries requiring 286 libcrypto.so.7 or libssl.so.7 must be recompiled. 287 28820151020: 289 Qlogic 24xx/25xx firmware images were updated from 5.5.0 to 7.3.0. 290 Kernel modules isp_2400_multi and isp_2500_multi were removed and 291 should be replaced with isp_2400 and isp_2500 modules respectively. 292 29320151017: 294 The build previously allowed using 'make -n' to not recurse into 295 sub-directories while showing what commands would be executed, and 296 'make -n -n' to recursively show commands. Now 'make -n' will recurse 297 and 'make -N' will not. 298 29920151012: 300 If you specify SENDMAIL_MC or SENDMAIL_CF in make.conf, mergemaster 301 and etcupdate will now use this file. A custom sendmail.cf is now 302 updated via this mechanism rather than via installworld. If you had 303 excluded sendmail.cf in mergemaster.rc or etcupdate.conf, you may 304 want to remove the exclusion or change it to "always install". 305 /etc/mail/sendmail.cf is now managed the same way regardless of 306 whether SENDMAIL_MC/SENDMAIL_CF is used. If you are not using 307 SENDMAIL_MC/SENDMAIL_CF there should be no change in behavior. 308 30920151011: 310 Compatibility shims for legacy ATA device names have been removed. 311 It includes ATA_STATIC_ID kernel option, kern.cam.ada.legacy_aliases 312 and kern.geom.raid.legacy_aliases loader tunables, kern.devalias.* 313 environment variables, /dev/ad* and /dev/ar* symbolic links. 314 31520151006: 316 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.7.0. 317 Please see the 20141231 entry below for information about prerequisites 318 and upgrading, if you are not already using clang 3.5.0 or higher. 319 32020150924: 321 Kernel debug files have been moved to /usr/lib/debug/boot/kernel/, 322 and renamed from .symbols to .debug. This reduces the size requirements 323 on the boot partition or file system and provides consistency with 324 userland debug files. 325 326 When using the supported kernel installation method the 327 /usr/lib/debug/boot/kernel directory will be renamed (to kernel.old) 328 as is done with /boot/kernel. 329 330 Developers wishing to maintain the historical behavior of installing 331 debug files in /boot/kernel/ can set KERN_DEBUGDIR="" in src.conf(5). 332 33320150827: 334 The wireless drivers had undergone changes that remove the 'parent 335 interface' from the ifconfig -l output. The rc.d network scripts 336 used to check presence of a parent interface in the list, so old 337 scripts would fail to start wireless networking. Thus, etcupdate(3) 338 or mergemaster(8) run is required after kernel update, to update your 339 rc.d scripts in /etc. 340 34120150827: 342 pf no longer supports 'scrub fragment crop' or 'scrub fragment drop-ovl' 343 These configurations are now automatically interpreted as 344 'scrub fragment reassemble'. 345 34620150817: 347 Kernel-loadable modules for the random(4) device are back. To use 348 them, the kernel must have 349 350 device random 351 options RANDOM_LOADABLE 352 353 kldload(8) can then be used to load random_fortuna.ko 354 or random_yarrow.ko. Please note that due to the indirect 355 function calls that the loadable modules need to provide, 356 the build-in variants will be slightly more efficient. 357 358 The random(4) kernel option RANDOM_DUMMY has been retired due to 359 unpopularity. It was not all that useful anyway. 360 36120150813: 362 The WITHOUT_ELFTOOLCHAIN_TOOLS src.conf(5) knob has been retired. 363 Control over building the ELF Tool Chain tools is now provided by 364 the WITHOUT_TOOLCHAIN knob. 365 36620150810: 367 The polarity of Pulse Per Second (PPS) capture events with the 368 uart(4) driver has been corrected. Prior to this change the PPS 369 "assert" event corresponded to the trailing edge of a positive PPS 370 pulse and the "clear" event was the leading edge of the next pulse. 371 372 As the width of a PPS pulse in a typical GPS receiver is on the 373 order of 1 millisecond, most users will not notice any significant 374 difference with this change. 375 376 Anyone who has compensated for the historical polarity reversal by 377 configuring a negative offset equal to the pulse width will need to 378 remove that workaround. 379 38020150809: 381 The default group assigned to /dev/dri entries has been changed 382 from 'wheel' to 'video' with the id of '44'. If you want to have 383 access to the dri devices please add yourself to the video group 384 with: 385 386 # pw groupmod video -m $USER 387 38820150806: 389 The menu.rc and loader.rc files will now be replaced during 390 upgrades. Please migrate local changes to menu.rc.local and 391 loader.rc.local instead. 392 39320150805: 394 GNU Binutils versions of addr2line, c++filt, nm, readelf, size, 395 strings and strip have been removed. The src.conf(5) knob 396 WITHOUT_ELFTOOLCHAIN_TOOLS no longer provides the binutils tools. 397 39820150728: 399 As ZFS requires more kernel stack pages than is the default on some 400 architectures e.g. i386, it now warns if KSTACK_PAGES is less than 401 ZFS_MIN_KSTACK_PAGES (which is 4 at the time of writing). 402 403 Please consider using 'options KSTACK_PAGES=X' where X is greater 404 than or equal to ZFS_MIN_KSTACK_PAGES i.e. 4 in such configurations. 405 40620150706: 407 sendmail has been updated to 8.15.2. Starting with FreeBSD 11.0 408 and sendmail 8.15, sendmail uses uncompressed IPv6 addresses by 409 default, i.e., they will not contain "::". For example, instead 410 of ::1, it will be 0:0:0:0:0:0:0:1. This permits a zero subnet 411 to have a more specific match, such as different map entries for 412 IPv6:0:0 vs IPv6:0. This change requires that configuration 413 data (including maps, files, classes, custom ruleset, etc.) must 414 use the same format, so make certain such configuration data is 415 upgrading. As a very simple check search for patterns like 416 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. To return to the old 417 behavior, set the m4 option confUSE_COMPRESSED_IPV6_ADDRESSES or 418 the cf option UseCompressedIPv6Addresses. 419 42020150630: 421 The default kernel entropy-processing algorithm is now 422 Fortuna, replacing Yarrow. 423 424 Assuming you have 'device random' in your kernel config 425 file, the configurations allow a kernel option to override 426 this default. You may choose *ONE* of: 427 428 options RANDOM_YARROW # Legacy /dev/random algorithm. 429 options RANDOM_DUMMY # Blocking-only driver. 430 431 If you have neither, you get Fortuna. For most people, 432 read no further, Fortuna will give a /dev/random that works 433 like it always used to, and the difference will be irrelevant. 434 435 If you remove 'device random', you get *NO* kernel-processed 436 entropy at all. This may be acceptable to folks building 437 embedded systems, but has complications. Carry on reading, 438 and it is assumed you know what you need. 439 440 *PLEASE* read random(4) and random(9) if you are in the 441 habit of tweaking kernel configs, and/or if you are a member 442 of the embedded community, wanting specific and not-usual 443 behaviour from your security subsystems. 444 445 NOTE!! If you use RANDOM_DUMMY and/or have no 'device 446 random', you will NOT have a functioning /dev/random, and 447 many cryptographic features will not work, including SSH. 448 You may also find strange behaviour from the random(3) set 449 of library functions, in particular sranddev(3), srandomdev(3) 450 and arc4random(3). The reason for this is that the KERN_ARND 451 sysctl only returns entropy if it thinks it has some to 452 share, and with RANDOM_DUMMY or no 'device random' this 453 will never happen. 454 45520150623: 456 An additional fix for the issue described in the 20150614 sendmail 457 entry below has been been committed in revision 284717. 458 45920150616: 460 FreeBSD's old make (fmake) has been removed from the system. It is 461 available as the devel/fmake port or via pkg install fmake. 462 46320150615: 464 The fix for the issue described in the 20150614 sendmail entry 465 below has been been committed in revision 284436. The work 466 around described in that entry is no longer needed unless the 467 default setting is overridden by a confDH_PARAMETERS configuration 468 setting of '5' or pointing to a 512 bit DH parameter file. 469 47020150614: 471 ALLOW_DEPRECATED_ATF_TOOLS/ATFFILE support has been removed from 472 atf.test.mk (included from bsd.test.mk). Please upgrade devel/atf 473 and devel/kyua to version 0.20+ and adjust any calling code to work 474 with Kyuafile and kyua. 475 47620150614: 477 The import of openssl to address the FreeBSD-SA-15:10.openssl 478 security advisory includes a change which rejects handshakes 479 with DH parameters below 768 bits. sendmail releases prior 480 to 8.15.2 (not yet released), defaulted to a 512 bit 481 DH parameter setting for client connections. To work around 482 this interoperability, sendmail can be configured to use a 483 2048 bit DH parameter by: 484 485 1. Edit /etc/mail/`hostname`.mc 486 2. If a setting for confDH_PARAMETERS does not exist or 487 exists and is set to a string beginning with '5', 488 replace it with '2'. 489 3. If a setting for confDH_PARAMETERS exists and is set to 490 a file path, create a new file with: 491 openssl dhparam -out /path/to/file 2048 492 4. Rebuild the .cf file: 493 cd /etc/mail/; make; make install 494 5. Restart sendmail: 495 cd /etc/mail/; make restart 496 497 A sendmail patch is coming, at which time this file will be 498 updated. 499 50020150604: 501 Generation of legacy formatted entries have been disabled by default 502 in pwd_mkdb(8), as all base system consumers of the legacy formatted 503 entries were converted to use the new format by default when the new, 504 machine independent format have been added and supported since FreeBSD 505 5.x. 506 507 Please see the pwd_mkdb(8) manual page for further details. 508 50920150525: 510 Clang and llvm have been upgraded to 3.6.1 release. Please see the 511 20141231 entry below for information about prerequisites and upgrading, 512 if you are not already using 3.5.0 or higher. 513 51420150521: 515 TI platform code switched to using vendor DTS files and this update 516 may break existing systems running on Beaglebone, Beaglebone Black, 517 and Pandaboard: 518 519 - dtb files should be regenerated/reinstalled. Filenames are the 520 same but content is different now 521 - GPIO addressing was changed, now each GPIO bank (32 pins per bank) 522 has its own /dev/gpiocX device, e.g. pin 121 on /dev/gpioc0 in old 523 addressing scheme is now pin 25 on /dev/gpioc3. 524 - Pandaboard: /etc/ttys should be updated, serial console device is 525 now /dev/ttyu2, not /dev/ttyu0 526 52720150501: 528 soelim(1) from gnu/usr.bin/groff has been replaced by usr.bin/soelim. 529 If you need the GNU extension from groff soelim(1), install groff 530 from package: pkg install groff, or via ports: textproc/groff. 531 53220150423: 533 chmod, chflags, chown and chgrp now affect symlinks in -R mode as 534 defined in symlink(7); previously symlinks were silently ignored. 535 53620150415: 537 The const qualifier has been removed from iconv(3) to comply with 538 POSIX. The ports tree is aware of this from r384038 onwards. 539 54020150416: 541 Libraries specified by LIBADD in Makefiles must have a corresponding 542 DPADD_<lib> variable to ensure correct dependencies. This is now 543 enforced in src.libnames.mk. 544 54520150324: 546 From legacy ata(4) driver was removed support for SATA controllers 547 supported by more functional drivers ahci(4), siis(4) and mvs(4). 548 Kernel modules ataahci and ataadaptec were removed completely, 549 replaced by ahci and mvs modules respectively. 550 55120150315: 552 Clang, llvm and lldb have been upgraded to 3.6.0 release. Please see 553 the 20141231 entry below for information about prerequisites and 554 upgrading, if you are not already using 3.5.0 or higher. 555 55620150307: 557 The 32-bit PowerPC kernel has been changed to a position-independent 558 executable. This can only be booted with a version of loader(8) 559 newer than January 31, 2015, so make sure to update both world and 560 kernel before rebooting. 561 56220150217: 563 If you are running a -CURRENT kernel since r273872 (Oct 30th, 2014), 564 but before r278950, the RNG was not seeded properly. Immediately 565 upgrade the kernel to r278950 or later and regenerate any keys (e.g. 566 ssh keys or openssl keys) that were generated w/ a kernel from that 567 range. This does not affect programs that directly used /dev/random 568 or /dev/urandom. All userland uses of arc4random(3) are affected. 569 57020150210: 571 The autofs(4) ABI was changed in order to restore binary compatibility 572 with 10.1-RELEASE. The automountd(8) daemon needs to be rebuilt to work 573 with the new kernel. 574 57520150131: 576 The powerpc64 kernel has been changed to a position-independent 577 executable. This can only be booted with a new version of loader(8), 578 so make sure to update both world and kernel before rebooting. 579 58020150118: 581 Clang and llvm have been upgraded to 3.5.1 release. This is a bugfix 582 only release, no new features have been added. Please see the 20141231 583 entry below for information about prerequisites and upgrading, if you 584 are not already using 3.5.0. 585 58620150107: 587 ELF tools addr2line, elfcopy (strip), nm, size, and strings are now 588 taken from the ELF Tool Chain project rather than GNU binutils. They 589 should be drop-in replacements, with the addition of arm64 support. 590 The WITHOUT_ELFTOOLCHAIN_TOOLS= knob may be used to obtain the 591 binutils tools, if necessary. See 20150805 for updated information. 592 59320150105: 594 The default Unbound configuration now enables remote control 595 using a local socket. Users who have already enabled the 596 local_unbound service should regenerate their configuration 597 by running "service local_unbound setup" as root. 598 59920150102: 600 The GNU texinfo and GNU info pages have been removed. 601 To be able to view GNU info pages please install texinfo from ports. 602 60320141231: 604 Clang, llvm and lldb have been upgraded to 3.5.0 release. 605 606 As of this release, a prerequisite for building clang, llvm and lldb is 607 a C++11 capable compiler and C++11 standard library. This means that to 608 be able to successfully build the cross-tools stage of buildworld, with 609 clang as the bootstrap compiler, your system compiler or cross compiler 610 should either be clang 3.3 or later, or gcc 4.8 or later, and your 611 system C++ library should be libc++, or libdstdc++ from gcc 4.8 or 612 later. 613 614 On any standard FreeBSD 10.x or 11.x installation, where clang and 615 libc++ are on by default (that is, on x86 or arm), this should work out 616 of the box. 617 618 On 9.x installations where clang is enabled by default, e.g. on x86 and 619 powerpc, libc++ will not be enabled by default, so libc++ should be 620 built (with clang) and installed first. If both clang and libc++ are 621 missing, build clang first, then use it to build libc++. 622 623 On 8.x and earlier installations, upgrade to 9.x first, and then follow 624 the instructions for 9.x above. 625 626 Sparc64 and mips users are unaffected, as they still use gcc 4.2.1 by 627 default, and do not build clang. 628 629 Many embedded systems are resource constrained, and will not be able to 630 build clang in a reasonable time, or in some cases at all. In those 631 cases, cross building bootable systems on amd64 is a workaround. 632 633 This new version of clang introduces a number of new warnings, of which 634 the following are most likely to appear: 635 636 -Wabsolute-value 637 638 This warns in two cases, for both C and C++: 639 * When the code is trying to take the absolute value of an unsigned 640 quantity, which is effectively a no-op, and almost never what was 641 intended. The code should be fixed, if at all possible. If you are 642 sure that the unsigned quantity can be safely cast to signed, without 643 loss of information or undefined behavior, you can add an explicit 644 cast, or disable the warning. 645 646 * When the code is trying to take an absolute value, but the called 647 abs() variant is for the wrong type, which can lead to truncation. 648 If you want to disable the warning instead of fixing the code, please 649 make sure that truncation will not occur, or it might lead to unwanted 650 side-effects. 651 652 -Wtautological-undefined-compare and 653 -Wundefined-bool-conversion 654 655 These warn when C++ code is trying to compare 'this' against NULL, while 656 'this' should never be NULL in well-defined C++ code. However, there is 657 some legacy (pre C++11) code out there, which actively abuses this 658 feature, which was less strictly defined in previous C++ versions. 659 660 Squid and openjdk do this, for example. The warning can be turned off 661 for C++98 and earlier, but compiling the code in C++11 mode might result 662 in unexpected behavior; for example, the parts of the program that are 663 unreachable could be optimized away. 664 66520141222: 666 The old NFS client and server (kernel options NFSCLIENT, NFSSERVER) 667 kernel sources have been removed. The .h files remain, since some 668 utilities include them. This will need to be fixed later. 669 If "mount -t oldnfs ..." is attempted, it will fail. 670 If the "-o" option on mountd(8), nfsd(8) or nfsstat(1) is used, 671 the utilities will report errors. 672 67320141121: 674 The handling of LOCAL_LIB_DIRS has been altered to skip addition of 675 directories to top level SUBDIR variable when their parent 676 directory is included in LOCAL_DIRS. Users with build systems with 677 such hierarchies and without SUBDIR entries in the parent 678 directory Makefiles should add them or add the directories to 679 LOCAL_DIRS. 680 68120141109: 682 faith(4) and faithd(8) have been removed from the base system. Faith 683 has been obsolete for a very long time. 684 68520141104: 686 vt(4), the new console driver, is enabled by default. It brings 687 support for Unicode and double-width characters, as well as 688 support for UEFI and integration with the KMS kernel video 689 drivers. 690 691 You may need to update your console settings in /etc/rc.conf, 692 most probably the keymap. During boot, /etc/rc.d/syscons will 693 indicate what you need to do. 694 695 vt(4) still has issues and lacks some features compared to 696 syscons(4). See the wiki for up-to-date information: 697 https://wiki.freebsd.org/Newcons 698 699 If you want to keep using syscons(4), you can do so by adding 700 the following line to /boot/loader.conf: 701 kern.vty=sc 702 70320141102: 704 pjdfstest has been integrated into kyua as an opt-in test suite. 705 Please see share/doc/pjdfstest/README for more details on how to 706 execute it. 707 70820141009: 709 gperf has been removed from the base system for architectures 710 that use clang. Ports that require gperf will obtain it from the 711 devel/gperf port. 712 71320140923: 714 pjdfstest has been moved from tools/regression/pjdfstest to 715 contrib/pjdfstest . 716 71720140922: 718 At svn r271982, The default linux compat kernel ABI has been adjusted 719 to 2.6.18 in support of the linux-c6 compat ports infrastructure 720 update. If you wish to continue using the linux-f10 compat ports, 721 add compat.linux.osrelease=2.6.16 to your local sysctl.conf. Users are 722 encouraged to update their linux-compat packages to linux-c6 during 723 their next update cycle. 724 72520140729: 726 The ofwfb driver, used to provide a graphics console on PowerPC when 727 using vt(4), no longer allows mmap() of all physical memory. This 728 will prevent Xorg on PowerPC with some ATI graphics cards from 729 initializing properly unless x11-servers/xorg-server is updated to 730 1.12.4_8 or newer. 731 73220140723: 733 The xdev targets have been converted to using TARGET and 734 TARGET_ARCH instead of XDEV and XDEV_ARCH. 735 73620140719: 737 The default unbound configuration has been modified to address 738 issues with reverse lookups on networks that use private 739 address ranges. If you use the local_unbound service, run 740 "service local_unbound setup" as root to regenerate your 741 configuration, then "service local_unbound reload" to load the 742 new configuration. 743 74420140709: 745 The GNU texinfo and GNU info pages are not built and installed 746 anymore, WITH_INFO knob has been added to allow to built and install 747 them again. 748 UPDATE: see 20150102 entry on texinfo's removal 749 75020140708: 751 The GNU readline library is now an INTERNALLIB - that is, it is 752 statically linked into consumers (GDB and variants) in the base 753 system, and the shared library is no longer installed. The 754 devel/readline port is available for third party software that 755 requires readline. 756 75720140702: 758 The Itanium architecture (ia64) has been removed from the list of 759 known architectures. This is the first step in the removal of the 760 architecture. 761 76220140701: 763 Commit r268115 has added NFSv4.1 server support, merged from 764 projects/nfsv4.1-server. Since this includes changes to the 765 internal interfaces between the NFS related modules, a full 766 build of the kernel and modules will be necessary. 767 __FreeBSD_version has been bumped. 768 76920140629: 770 The WITHOUT_VT_SUPPORT kernel config knob has been renamed 771 WITHOUT_VT. (The other _SUPPORT knobs have a consistent meaning 772 which differs from the behaviour controlled by this knob.) 773 77420140619: 775 Maximal length of the serial number in CTL was increased from 16 to 776 64 chars, that breaks ABI. All CTL-related tools, such as ctladm 777 and ctld, need to be rebuilt to work with a new kernel. 778 77920140606: 780 The libatf-c and libatf-c++ major versions were downgraded to 0 and 781 1 respectively to match the upstream numbers. They were out of 782 sync because, when they were originally added to FreeBSD, the 783 upstream versions were not respected. These libraries are private 784 and not yet built by default, so renumbering them should be a 785 non-issue. However, unclean source trees will yield broken test 786 programs once the operator executes "make delete-old-libs" after a 787 "make installworld". 788 789 Additionally, the atf-sh binary was made private by moving it into 790 /usr/libexec/. Already-built shell test programs will keep the 791 path to the old binary so they will break after "make delete-old" 792 is run. 793 794 If you are using WITH_TESTS=yes (not the default), wipe the object 795 tree and rebuild from scratch to prevent spurious test failures. 796 This is only needed once: the misnumbered libraries and misplaced 797 binaries have been added to OptionalObsoleteFiles.inc so they will 798 be removed during a clean upgrade. 799 80020140512: 801 Clang and llvm have been upgraded to 3.4.1 release. 802 80320140508: 804 We bogusly installed src.opts.mk in /usr/share/mk. This file should 805 be removed to avoid issues in the future (and has been added to 806 ObsoleteFiles.inc). 807 80820140505: 809 /etc/src.conf now affects only builds of the FreeBSD src tree. In the 810 past, it affected all builds that used the bsd.*.mk files. The old 811 behavior was a bug, but people may have relied upon it. To get this 812 behavior back, you can .include /etc/src.conf from /etc/make.conf 813 (which is still global and isn't changed). This also changes the 814 behavior of incremental builds inside the tree of individual 815 directories. Set MAKESYSPATH to ".../share/mk" to do that. 816 Although this has survived make universe and some upgrade scenarios, 817 other upgrade scenarios may have broken. At least one form of 818 temporary breakage was fixed with MAKESYSPATH settings for buildworld 819 as well... In cases where MAKESYSPATH isn't working with this 820 setting, you'll need to set it to the full path to your tree. 821 822 One side effect of all this cleaning up is that bsd.compiler.mk 823 is no longer implicitly included by bsd.own.mk. If you wish to 824 use COMPILER_TYPE, you must now explicitly include bsd.compiler.mk 825 as well. 826 82720140430: 828 The lindev device has been removed since /dev/full has been made a 829 standard device. __FreeBSD_version has been bumped. 830 83120140424: 832 The knob WITHOUT_VI was added to the base system, which controls 833 building ex(1), vi(1), etc. Older releases of FreeBSD required ex(1) 834 in order to reorder files share/termcap and didn't build ex(1) as a 835 build tool, so building/installing with WITH_VI is highly advised for 836 build hosts for older releases. 837 838 This issue has been fixed in stable/9 and stable/10 in r277022 and 839 r276991, respectively. 840 84120140418: 842 The YES_HESIOD knob has been removed. It has been obsolete for 843 a decade. Please move to using WITH_HESIOD instead or your builds 844 will silently lack HESIOD. 845 84620140405: 847 The uart(4) driver has been changed with respect to its handling 848 of the low-level console. Previously the uart(4) driver prevented 849 any process from changing the baudrate or the CLOCAL and HUPCL 850 control flags. By removing the restrictions, operators can make 851 changes to the serial console port without having to reboot. 852 However, when getty(8) is started on the serial device that is 853 associated with the low-level console, a misconfigured terminal 854 line in /etc/ttys will now have a real impact. 855 Before upgrading the kernel, make sure that /etc/ttys has the 856 serial console device configured as 3wire without baudrate to 857 preserve the previous behaviour. E.g: 858 ttyu0 "/usr/libexec/getty 3wire" vt100 on secure 859 86020140306: 861 Support for libwrap (TCP wrappers) in rpcbind was disabled by default 862 to improve performance. To re-enable it, if needed, run rpcbind 863 with command line option -W. 864 86520140226: 866 Switched back to the GPL dtc compiler due to updates in the upstream 867 dts files not being supported by the BSDL dtc compiler. You will need 868 to rebuild your kernel toolchain to pick up the new compiler. Core dumps 869 may result while building dtb files during a kernel build if you fail 870 to do so. Set WITHOUT_GPL_DTC if you require the BSDL compiler. 871 87220140216: 873 Clang and llvm have been upgraded to 3.4 release. 874 87520140216: 876 The nve(4) driver has been removed. Please use the nfe(4) driver 877 for NVIDIA nForce MCP Ethernet adapters instead. 878 87920140212: 880 An ABI incompatibility crept into the libc++ 3.4 import in r261283. 881 This could cause certain C++ applications using shared libraries built 882 against the previous version of libc++ to crash. The incompatibility 883 has now been fixed, but any C++ applications or shared libraries built 884 between r261283 and r261801 should be recompiled. 885 88620140204: 887 OpenSSH will now ignore errors caused by kernel lacking of Capsicum 888 capability mode support. Please note that enabling the feature in 889 kernel is still highly recommended. 890 89120140131: 892 OpenSSH is now built with sandbox support, and will use sandbox as 893 the default privilege separation method. This requires Capsicum 894 capability mode support in kernel. 895 89620140128: 897 The libelf and libdwarf libraries have been updated to newer 898 versions from upstream. Shared library version numbers for 899 these two libraries were bumped. Any ports or binaries 900 requiring these two libraries should be recompiled. 901 __FreeBSD_version is bumped to 1100006. 902 90320140110: 904 If a Makefile in a tests/ directory was auto-generating a Kyuafile 905 instead of providing an explicit one, this would prevent such 906 Makefile from providing its own Kyuafile in the future during 907 NO_CLEAN builds. This has been fixed in the Makefiles but manual 908 intervention is needed to clean an objdir if you use NO_CLEAN: 909 # find /usr/obj -name Kyuafile | xargs rm -f 910 91120131213: 912 The behavior of gss_pseudo_random() for the krb5 mechanism 913 has changed, for applications requesting a longer random string 914 than produced by the underlying enctype's pseudo-random() function. 915 In particular, the random string produced from a session key of 916 enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will 917 be different at the 17th octet and later, after this change. 918 The counter used in the PRF+ construction is now encoded as a 919 big-endian integer in accordance with RFC 4402. 920 __FreeBSD_version is bumped to 1100004. 921 92220131108: 923 The WITHOUT_ATF build knob has been removed and its functionality 924 has been subsumed into the more generic WITHOUT_TESTS. If you were 925 using the former to disable the build of the ATF libraries, you 926 should change your settings to use the latter. 927 92820131025: 929 The default version of mtree is nmtree which is obtained from 930 NetBSD. The output is generally the same, but may vary 931 slightly. If you found you need identical output adding 932 "-F freebsd9" to the command line should do the trick. For the 933 time being, the old mtree is available as fmtree. 934 93520131014: 936 libbsdyml has been renamed to libyaml and moved to /usr/lib/private. 937 This will break ports-mgmt/pkg. Rebuild the port, or upgrade to pkg 938 1.1.4_8 and verify bsdyml not linked in, before running "make 939 delete-old-libs": 940 # make -C /usr/ports/ports-mgmt/pkg build deinstall install clean 941 or 942 # pkg install pkg; ldd /usr/local/sbin/pkg | grep bsdyml 943 94420131010: 945 The stable/10 branch has been created in subversion from head 946 revision r256279. 947 94820131010: 949 The rc.d/jail script has been updated to support jail(8) 950 configuration file. The "jail_<jname>_*" rc.conf(5) variables 951 for per-jail configuration are automatically converted to 952 /var/run/jail.<jname>.conf before the jail(8) utility is invoked. 953 This is transparently backward compatible. See below about some 954 incompatibilities and rc.conf(5) manual page for more details. 955 956 These variables are now deprecated in favor of jail(8) configuration 957 file. One can use "rc.d/jail config <jname>" command to generate 958 a jail(8) configuration file in /var/run/jail.<jname>.conf without 959 running the jail(8) utility. The default pathname of the 960 configuration file is /etc/jail.conf and can be specified by 961 using $jail_conf or $jail_<jname>_conf variables. 962 963 Please note that jail_devfs_ruleset accepts an integer at 964 this moment. Please consider to rewrite the ruleset name 965 with an integer. 966 96720130930: 968 BIND has been removed from the base system. If all you need 969 is a local resolver, simply enable and start the local_unbound 970 service instead. Otherwise, several versions of BIND are 971 available in the ports tree. The dns/bind99 port is one example. 972 973 With this change, nslookup(1) and dig(1) are no longer in the base 974 system. Users should instead use host(1) and drill(1) which are 975 in the base system. Alternatively, nslookup and dig can 976 be obtained by installing the dns/bind-tools port. 977 97820130916: 979 With the addition of unbound(8), a new unbound user is now 980 required during installworld. "mergemaster -p" can be used to 981 add the user prior to installworld, as documented in the handbook. 982 98320130911: 984 OpenSSH is now built with DNSSEC support, and will by default 985 silently trust signed SSHFP records. This can be controlled with 986 the VerifyHostKeyDNS client configuration setting. DNSSEC support 987 can be disabled entirely with the WITHOUT_LDNS option in src.conf. 988 98920130906: 990 The GNU Compiler Collection and C++ standard library (libstdc++) 991 are no longer built by default on platforms where clang is the system 992 compiler. You can enable them with the WITH_GCC and WITH_GNUCXX 993 options in src.conf. 994 99520130905: 996 The PROCDESC kernel option is now part of the GENERIC kernel 997 configuration and is required for the rwhod(8) to work. 998 If you are using custom kernel configuration, you should include 999 'options PROCDESC'. 1000 100120130905: 1002 The API and ABI related to the Capsicum framework was modified 1003 in backward incompatible way. The userland libraries and programs 1004 have to be recompiled to work with the new kernel. This includes the 1005 following libraries and programs, but the whole buildworld is 1006 advised: libc, libprocstat, dhclient, tcpdump, hastd, hastctl, 1007 kdump, procstat, rwho, rwhod, uniq. 1008 100920130903: 1010 AES-NI intrinsic support has been added to gcc. The AES-NI module 1011 has been updated to use this support. A new gcc is required to build 1012 the aesni module on both i386 and amd64. 1013 101420130821: 1015 The PADLOCK_RNG and RDRAND_RNG kernel options are now devices. 1016 Thus "device padlock_rng" and "device rdrand_rng" should be 1017 used instead of "options PADLOCK_RNG" & "options RDRAND_RNG". 1018 101920130813: 1020 WITH_ICONV has been split into two feature sets. WITH_ICONV now 1021 enables just the iconv* functionality and is now on by default. 1022 WITH_LIBICONV_COMPAT enables the libiconv api and link time 1023 compatibility. Set WITHOUT_ICONV to build the old way. 1024 If you have been using WITH_ICONV before, you will very likely 1025 need to turn on WITH_LIBICONV_COMPAT. 1026 102720130806: 1028 INVARIANTS option now enables DEBUG for code with OpenSolaris and 1029 Illumos origin, including ZFS. If you have INVARIANTS in your 1030 kernel configuration, then there is no need to set DEBUG or ZFS_DEBUG 1031 explicitly. 1032 DEBUG used to enable witness(9) tracking of OpenSolaris (mostly ZFS) 1033 locks if WITNESS option was set. Because that generated a lot of 1034 witness(9) reports and all of them were believed to be false 1035 positives, this is no longer done. New option OPENSOLARIS_WITNESS 1036 can be used to achieve the previous behavior. 1037 103820130806: 1039 Timer values in IPv6 data structures now use time_uptime instead 1040 of time_second. Although this is not a user-visible functional 1041 change, userland utilities which directly use them---ndp(8), 1042 rtadvd(8), and rtsold(8) in the base system---need to be updated 1043 to r253970 or later. 1044 104520130802: 1046 find -delete can now delete the pathnames given as arguments, 1047 instead of only files found below them or if the pathname did 1048 not contain any slashes. Formerly, the following error message 1049 would result: 1050 1051 find: -delete: <path>: relative path potentially not safe 1052 1053 Deleting the pathnames given as arguments can be prevented 1054 without error messages using -mindepth 1 or by changing 1055 directory and passing "." as argument to find. This works in the 1056 old as well as the new version of find. 1057 105820130726: 1059 Behavior of devfs rules path matching has been changed. 1060 Pattern is now always matched against fully qualified devfs 1061 path and slash characters must be explicitly matched by 1062 slashes in pattern (FNM_PATHNAME). Rulesets involving devfs 1063 subdirectories must be reviewed. 1064 106520130716: 1066 The default ARM ABI has changed to the ARM EABI. The old ABI is 1067 incompatible with the ARM EABI and all programs and modules will 1068 need to be rebuilt to work with a new kernel. 1069 1070 To keep using the old ABI ensure the WITHOUT_ARM_EABI knob is set. 1071 1072 NOTE: Support for the old ABI will be removed in the future and 1073 users are advised to upgrade. 1074 107520130709: 1076 pkg_install has been disconnected from the build if you really need it 1077 you should add WITH_PKGTOOLS in your src.conf(5). 1078 107920130709: 1080 Most of network statistics structures were changed to be able 1081 keep 64-bits counters. Thus all tools, that work with networking 1082 statistics, must be rebuilt (netstat(1), bsnmpd(1), etc.) 1083 108420130618: 1085 Fix a bug that allowed a tracing process (e.g. gdb) to write 1086 to a memory-mapped file in the traced process's address space 1087 even if neither the traced process nor the tracing process had 1088 write access to that file. 1089 109020130615: 1091 CVS has been removed from the base system. An exact copy 1092 of the code is available from the devel/cvs port. 1093 109420130613: 1095 Some people report the following error after the switch to bmake: 1096 1097 make: illegal option -- J 1098 usage: make [-BPSXeiknpqrstv] [-C directory] [-D variable] 1099 ... 1100 *** [buildworld] Error code 2 1101 1102 this likely due to an old instance of make in 1103 ${MAKEPATH} (${MAKEOBJDIRPREFIX}${.CURDIR}/make.${MACHINE}) 1104 which src/Makefile will use that blindly, if it exists, so if 1105 you see the above error: 1106 1107 rm -rf `make -V MAKEPATH` 1108 1109 should resolve it. 1110 111120130516: 1112 Use bmake by default. 1113 Whereas before one could choose to build with bmake via 1114 -DWITH_BMAKE one must now use -DWITHOUT_BMAKE to use the old 1115 make. The goal is to remove these knobs for 10-RELEASE. 1116 1117 It is worth noting that bmake (like gmake) treats the command 1118 line as the unit of failure, rather than statements within the 1119 command line. Thus '(cd some/where && dosomething)' is safer 1120 than 'cd some/where; dosomething'. The '()' allows consistent 1121 behavior in parallel build. 1122 112320130429: 1124 Fix a bug that allows NFS clients to issue READDIR on files. 1125 112620130426: 1127 The WITHOUT_IDEA option has been removed because 1128 the IDEA patent expired. 1129 113020130426: 1131 The sysctl which controls TRIM support under ZFS has been renamed 1132 from vfs.zfs.trim_disable -> vfs.zfs.trim.enabled and has been 1133 enabled by default. 1134 113520130425: 1136 The mergemaster command now uses the default MAKEOBJDIRPREFIX 1137 rather than creating it's own in the temporary directory in 1138 order allow access to bootstrapped versions of tools such as 1139 install and mtree. When upgrading from version of FreeBSD where 1140 the install command does not support -l, you will need to 1141 install a new mergemaster command if mergemaster -p is required. 1142 This can be accomplished with the command (cd src/usr.sbin/mergemaster 1143 && make install). 1144 114520130404: 1146 Legacy ATA stack, disabled and replaced by new CAM-based one since 1147 FreeBSD 9.0, completely removed from the sources. Kernel modules 1148 atadisk and atapi*, user-level tools atacontrol and burncd are 1149 removed. Kernel option `options ATA_CAM` is now permanently enabled 1150 and removed. 1151 115220130319: 1153 SOCK_CLOEXEC and SOCK_NONBLOCK flags have been added to socket(2) 1154 and socketpair(2). Software, in particular Kerberos, may 1155 automatically detect and use these during building. The resulting 1156 binaries will not work on older kernels. 1157 115820130308: 1159 CTL_DISABLE has also been added to the sparc64 GENERIC (for further 1160 information, see the respective 20130304 entry). 1161 116220130304: 1163 Recent commits to callout(9) changed the size of struct callout, 1164 so the KBI is probably heavily disturbed. Also, some functions 1165 in callout(9)/sleep(9)/sleepqueue(9)/condvar(9) KPIs were replaced 1166 by macros. Every kernel module using it won't load, so rebuild 1167 is requested. 1168 1169 The ctl device has been re-enabled in GENERIC for i386 and amd64, 1170 but does not initialize by default (because of the new CTL_DISABLE 1171 option) to save memory. To re-enable it, remove the CTL_DISABLE 1172 option from the kernel config file or set kern.cam.ctl.disable=0 1173 in /boot/loader.conf. 1174 117520130301: 1176 The ctl device has been disabled in GENERIC for i386 and amd64. 1177 This was done due to the extra memory being allocated at system 1178 initialisation time by the ctl driver which was only used if 1179 a CAM target device was created. This makes a FreeBSD system 1180 unusable on 128MB or less of RAM. 1181 118220130208: 1183 A new compression method (lz4) has been merged to -HEAD. Please 1184 refer to zpool-features(7) for more information. 1185 1186 Please refer to the "ZFS notes" section of this file for information 1187 on upgrading boot ZFS pools. 1188 118920130129: 1190 A BSD-licensed patch(1) variant has been added and is installed 1191 as bsdpatch, being the GNU version the default patch. 1192 To inverse the logic and use the BSD-licensed one as default, 1193 while having the GNU version installed as gnupatch, rebuild 1194 and install world with the WITH_BSD_PATCH knob set. 1195 119620130121: 1197 Due to the use of the new -l option to install(1) during build 1198 and install, you must take care not to directly set the INSTALL 1199 make variable in your /etc/make.conf, /etc/src.conf, or on the 1200 command line. If you wish to use the -C flag for all installs 1201 you may be able to add INSTALL+=-C to /etc/make.conf or 1202 /etc/src.conf. 1203 120420130118: 1205 The install(1) option -M has changed meaning and now takes an 1206 argument that is a file or path to append logs to. In the 1207 unlikely event that -M was the last option on the command line 1208 and the command line contained at least two files and a target 1209 directory the first file will have logs appended to it. The -M 1210 option served little practical purpose in the last decade so its 1211 use is expected to be extremely rare. 1212 121320121223: 1214 After switching to Clang as the default compiler some users of ZFS 1215 on i386 systems started to experience stack overflow kernel panics. 1216 Please consider using 'options KSTACK_PAGES=4' in such configurations. 1217 121820121222: 1219 GEOM_LABEL now mangles label names read from file system metadata. 1220 Mangling affect labels containing spaces, non-printable characters, 1221 '%' or '"'. Device names in /etc/fstab and other places may need to 1222 be updated. 1223 122420121217: 1225 By default, only the 10 most recent kernel dumps will be saved. To 1226 restore the previous behaviour (no limit on the number of kernel dumps 1227 stored in the dump directory) add the following line to /etc/rc.conf: 1228 1229 savecore_flags="" 1230 123120121201: 1232 With the addition of auditdistd(8), a new auditdistd user is now 1233 required during installworld. "mergemaster -p" can be used to 1234 add the user prior to installworld, as documented in the handbook. 1235 123620121117: 1237 The sin6_scope_id member variable in struct sockaddr_in6 is now 1238 filled by the kernel before passing the structure to the userland via 1239 sysctl or routing socket. This means the KAME-specific embedded scope 1240 id in sin6_addr.s6_addr[2] is always cleared in userland application. 1241 This behavior can be controlled by net.inet6.ip6.deembed_scopeid. 1242 __FreeBSD_version is bumped to 1000025. 1243 124420121105: 1245 On i386 and amd64 systems WITH_CLANG_IS_CC is now the default. 1246 This means that the world and kernel will be compiled with clang 1247 and that clang will be installed as /usr/bin/cc, /usr/bin/c++, 1248 and /usr/bin/cpp. To disable this behavior and revert to building 1249 with gcc, compile with WITHOUT_CLANG_IS_CC. Really old versions 1250 of current may need to bootstrap WITHOUT_CLANG first if the clang 1251 build fails (its compatibility window doesn't extend to the 9 stable 1252 branch point). 1253 125420121102: 1255 The IPFIREWALL_FORWARD kernel option has been removed. Its 1256 functionality now turned on by default. 1257 125820121023: 1259 The ZERO_COPY_SOCKET kernel option has been removed and 1260 split into SOCKET_SEND_COW and SOCKET_RECV_PFLIP. 1261 NB: SOCKET_SEND_COW uses the VM page based copy-on-write 1262 mechanism which is not safe and may result in kernel crashes. 1263 NB: The SOCKET_RECV_PFLIP mechanism is useless as no current 1264 driver supports disposeable external page sized mbuf storage. 1265 Proper replacements for both zero-copy mechanisms are under 1266 consideration and will eventually lead to complete removal 1267 of the two kernel options. 1268 126920121023: 1270 The IPv4 network stack has been converted to network byte 1271 order. The following modules need to be recompiled together 1272 with kernel: carp(4), divert(4), gif(4), siftr(4), gre(4), 1273 pf(4), ipfw(4), ng_ipfw(4), stf(4). 1274 127520121022: 1276 Support for non-MPSAFE filesystems was removed from VFS. The 1277 VFS_VERSION was bumped, all filesystem modules shall be 1278 recompiled. 1279 128020121018: 1281 All the non-MPSAFE filesystems have been disconnected from 1282 the build. The full list includes: codafs, hpfs, ntfs, nwfs, 1283 portalfs, smbfs, xfs. 1284 128520121016: 1286 The interface cloning API and ABI has changed. The following 1287 modules need to be recompiled together with kernel: 1288 ipfw(4), pfsync(4), pflog(4), usb(4), wlan(4), stf(4), 1289 vlan(4), disc(4), edsc(4), if_bridge(4), gif(4), tap(4), 1290 faith(4), epair(4), enc(4), tun(4), if_lagg(4), gre(4). 1291 129220121015: 1293 The sdhci driver was split in two parts: sdhci (generic SD Host 1294 Controller logic) and sdhci_pci (actual hardware driver). 1295 No kernel config modifications are required, but if you 1296 load sdhc as a module you must switch to sdhci_pci instead. 1297 129820121014: 1299 Import the FUSE kernel and userland support into base system. 1300 130120121013: 1302 The GNU sort(1) program has been removed since the BSD-licensed 1303 sort(1) has been the default for quite some time and no serious 1304 problems have been reported. The corresponding WITH_GNU_SORT 1305 knob has also gone. 1306 130720121006: 1308 The pfil(9) API/ABI for AF_INET family has been changed. Packet 1309 filtering modules: pf(4), ipfw(4), ipfilter(4) need to be recompiled 1310 with new kernel. 1311 131220121001: 1313 The net80211(4) ABI has been changed to allow for improved driver 1314 PS-POLL and power-save support. All wireless drivers need to be 1315 recompiled to work with the new kernel. 1316 131720120913: 1318 The random(4) support for the VIA hardware random number 1319 generator (`PADLOCK') is no longer enabled unconditionally. 1320 Add the padlock_rng device in the custom kernel config if 1321 needed. The GENERIC kernels on i386 and amd64 do include the 1322 device, so the change only affects the custom kernel 1323 configurations. 1324 132520120908: 1326 The pf(4) packet filter ABI has been changed. pfctl(8) and 1327 snmp_pf module need to be recompiled to work with new kernel. 1328 132920120828: 1330 A new ZFS feature flag "com.delphix:empty_bpobj" has been merged 1331 to -HEAD. Pools that have empty_bpobj in active state can not be 1332 imported read-write with ZFS implementations that do not support 1333 this feature. For more information read the zpool-features(5) 1334 manual page. 1335 133620120727: 1337 The sparc64 ZFS loader has been changed to no longer try to auto- 1338 detect ZFS providers based on diskN aliases but now requires these 1339 to be explicitly listed in the OFW boot-device environment variable. 1340 134120120712: 1342 The OpenSSL has been upgraded to 1.0.1c. Any binaries requiring 1343 libcrypto.so.6 or libssl.so.6 must be recompiled. Also, there are 1344 configuration changes. Make sure to merge /etc/ssl/openssl.cnf. 1345 134620120712: 1347 The following sysctls and tunables have been renamed for consistency 1348 with other variables: 1349 kern.cam.da.da_send_ordered -> kern.cam.da.send_ordered 1350 kern.cam.ada.ada_send_ordered -> kern.cam.ada.send_ordered 1351 135220120628: 1353 The sort utility has been replaced with BSD sort. For now, GNU sort 1354 is also available as "gnusort" or the default can be set back to 1355 GNU sort by setting WITH_GNU_SORT. In this case, BSD sort will be 1356 installed as "bsdsort". 1357 135820120611: 1359 A new version of ZFS (pool version 5000) has been merged to -HEAD. 1360 Starting with this version the old system of ZFS pool versioning 1361 is superseded by "feature flags". This concept enables forward 1362 compatibility against certain future changes in functionality of ZFS 1363 pools. The first read-only compatible "feature flag" for ZFS pools 1364 is named "com.delphix:async_destroy". For more information 1365 read the new zpool-features(5) manual page. 1366 Please refer to the "ZFS notes" section of this file for information 1367 on upgrading boot ZFS pools. 1368 136920120417: 1370 The malloc(3) implementation embedded in libc now uses sources imported 1371 as contrib/jemalloc. The most disruptive API change is to 1372 /etc/malloc.conf. If your system has an old-style /etc/malloc.conf, 1373 delete it prior to installworld, and optionally re-create it using the 1374 new format after rebooting. See malloc.conf(5) for details 1375 (specifically the TUNING section and the "opt.*" entries in the MALLCTL 1376 NAMESPACE section). 1377 137820120328: 1379 Big-endian MIPS TARGET_ARCH values no longer end in "eb". mips64eb 1380 is now spelled mips64. mipsn32eb is now spelled mipsn32. mipseb is 1381 now spelled mips. This is to aid compatibility with third-party 1382 software that expects this naming scheme in uname(3). Little-endian 1383 settings are unchanged. If you are updating a big-endian mips64 machine 1384 from before this change, you may need to set MACHINE_ARCH=mips64 in 1385 your environment before the new build system will recognize your machine. 1386 138720120306: 1388 Disable by default the option VFS_ALLOW_NONMPSAFE for all supported 1389 platforms. 1390 139120120229: 1392 Now unix domain sockets behave "as expected" on nullfs(5). Previously 1393 nullfs(5) did not pass through all behaviours to the underlying layer, 1394 as a result if we bound to a socket on the lower layer we could connect 1395 only to the lower path; if we bound to the upper layer we could connect 1396 only to the upper path. The new behavior is one can connect to both the 1397 lower and the upper paths regardless what layer path one binds to. 1398 139920120211: 1400 The getifaddrs upgrade path broken with 20111215 has been restored. 1401 If you have upgraded in between 20111215 and 20120209 you need to 1402 recompile libc again with your kernel. You still need to recompile 1403 world to be able to configure CARP but this restriction already 1404 comes from 20111215. 1405 140620120114: 1407 The set_rcvar() function has been removed from /etc/rc.subr. All 1408 base and ports rc.d scripts have been updated, so if you have a 1409 port installed with a script in /usr/local/etc/rc.d you can either 1410 hand-edit the rcvar= line, or reinstall the port. 1411 1412 An easy way to handle the mass-update of /etc/rc.d: 1413 rm /etc/rc.d/* && mergemaster -i 1414 141520120109: 1416 panic(9) now stops other CPUs in the SMP systems, disables interrupts 1417 on the current CPU and prevents other threads from running. 1418 This behavior can be reverted using the kern.stop_scheduler_on_panic 1419 tunable/sysctl. 1420 The new behavior can be incompatible with kern.sync_on_panic. 1421 142220111215: 1423 The carp(4) facility has been changed significantly. Configuration 1424 of the CARP protocol via ifconfig(8) has changed, as well as format 1425 of CARP events submitted to devd(8) has changed. See manual pages 1426 for more information. The arpbalance feature of carp(4) is currently 1427 not supported anymore. 1428 1429 Size of struct in_aliasreq, struct in6_aliasreq has changed. User 1430 utilities using SIOCAIFADDR, SIOCAIFADDR_IN6, e.g. ifconfig(8), 1431 need to be recompiled. 1432 143320111122: 1434 The acpi_wmi(4) status device /dev/wmistat has been renamed to 1435 /dev/wmistat0. 1436 143720111108: 1438 The option VFS_ALLOW_NONMPSAFE option has been added in order to 1439 explicitely support non-MPSAFE filesystems. 1440 It is on by default for all supported platform at this present 1441 time. 1442 144320111101: 1444 The broken amd(4) driver has been replaced with esp(4) in the amd64, 1445 i386 and pc98 GENERIC kernel configuration files. 1446 144720110930: 1448 sysinstall has been removed 1449 145020110923: 1451 The stable/9 branch created in subversion. This corresponds to the 1452 RELENG_9 branch in CVS. 1453 1454COMMON ITEMS: 1455 1456 General Notes 1457 ------------- 1458 Avoid using make -j when upgrading. While generally safe, there are 1459 sometimes problems using -j to upgrade. If your upgrade fails with 1460 -j, please try again without -j. From time to time in the past there 1461 have been problems using -j with buildworld and/or installworld. This 1462 is especially true when upgrading between "distant" versions (eg one 1463 that cross a major release boundary or several minor releases, or when 1464 several months have passed on the -current branch). 1465 1466 Sometimes, obscure build problems are the result of environment 1467 poisoning. This can happen because the make utility reads its 1468 environment when searching for values for global variables. To run 1469 your build attempts in an "environmental clean room", prefix all make 1470 commands with 'env -i '. See the env(1) manual page for more details. 1471 1472 When upgrading from one major version to another it is generally best 1473 to upgrade to the latest code in the currently installed branch first, 1474 then do an upgrade to the new branch. This is the best-tested upgrade 1475 path, and has the highest probability of being successful. Please try 1476 this approach before reporting problems with a major version upgrade. 1477 1478 When upgrading a live system, having a root shell around before 1479 installing anything can help undo problems. Not having a root shell 1480 around can lead to problems if pam has changed too much from your 1481 starting point to allow continued authentication after the upgrade. 1482 1483 This file should be read as a log of events. When a later event changes 1484 information of a prior event, the prior event should not be deleted. 1485 Instead, a pointer to the entry with the new information should be 1486 placed in the old entry. Readers of this file should also sanity check 1487 older entries before relying on them blindly. Authors of new entries 1488 should write them with this in mind. 1489 1490 ZFS notes 1491 --------- 1492 When upgrading the boot ZFS pool to a new version, always follow 1493 these two steps: 1494 1495 1.) recompile and reinstall the ZFS boot loader and boot block 1496 (this is part of "make buildworld" and "make installworld") 1497 1498 2.) update the ZFS boot block on your boot drive 1499 1500 The following example updates the ZFS boot block on the first 1501 partition (freebsd-boot) of a GPT partitioned drive ada0: 1502 "gpart bootcode -p /boot/gptzfsboot -i 1 ada0" 1503 1504 Non-boot pools do not need these updates. 1505 1506 To build a kernel 1507 ----------------- 1508 If you are updating from a prior version of FreeBSD (even one just 1509 a few days old), you should follow this procedure. It is the most 1510 failsafe as it uses a /usr/obj tree with a fresh mini-buildworld, 1511 1512 make kernel-toolchain 1513 make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE 1514 make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE 1515 1516 To test a kernel once 1517 --------------------- 1518 If you just want to boot a kernel once (because you are not sure 1519 if it works, or if you want to boot a known bad kernel to provide 1520 debugging information) run 1521 make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel 1522 nextboot -k testkernel 1523 1524 To just build a kernel when you know that it won't mess you up 1525 -------------------------------------------------------------- 1526 This assumes you are already running a CURRENT system. Replace 1527 ${arch} with the architecture of your machine (e.g. "i386", 1528 "arm", "amd64", "ia64", "pc98", "sparc64", "powerpc", "mips", etc). 1529 1530 cd src/sys/${arch}/conf 1531 config KERNEL_NAME_HERE 1532 cd ../compile/KERNEL_NAME_HERE 1533 make depend 1534 make 1535 make install 1536 1537 If this fails, go to the "To build a kernel" section. 1538 1539 To rebuild everything and install it on the current system. 1540 ----------------------------------------------------------- 1541 # Note: sometimes if you are running current you gotta do more than 1542 # is listed here if you are upgrading from a really old current. 1543 1544 <make sure you have good level 0 dumps> 1545 make buildworld 1546 make kernel KERNCONF=YOUR_KERNEL_HERE 1547 [1] 1548 <reboot in single user> [3] 1549 mergemaster -Fp [5] 1550 make installworld 1551 mergemaster -Fi [4] 1552 make delete-old [6] 1553 <reboot> 1554 1555 To cross-install current onto a separate partition 1556 -------------------------------------------------- 1557 # In this approach we use a separate partition to hold 1558 # current's root, 'usr', and 'var' directories. A partition 1559 # holding "/", "/usr" and "/var" should be about 2GB in 1560 # size. 1561 1562 <make sure you have good level 0 dumps> 1563 <boot into -stable> 1564 make buildworld 1565 make buildkernel KERNCONF=YOUR_KERNEL_HERE 1566 <maybe newfs current's root partition> 1567 <mount current's root partition on directory ${CURRENT_ROOT}> 1568 make installworld DESTDIR=${CURRENT_ROOT} -DDB_FROM_SRC 1569 make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd 1570 make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT} 1571 cp /etc/fstab ${CURRENT_ROOT}/etc/fstab # if newfs'd 1572 <edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition> 1573 <reboot into current> 1574 <do a "native" rebuild/install as described in the previous section> 1575 <maybe install compatibility libraries from ports/misc/compat*> 1576 <reboot> 1577 1578 1579 To upgrade in-place from stable to current 1580 ---------------------------------------------- 1581 <make sure you have good level 0 dumps> 1582 make buildworld [9] 1583 make kernel KERNCONF=YOUR_KERNEL_HERE [8] 1584 [1] 1585 <reboot in single user> [3] 1586 mergemaster -Fp [5] 1587 make installworld 1588 mergemaster -Fi [4] 1589 make delete-old [6] 1590 <reboot> 1591 1592 Make sure that you've read the UPDATING file to understand the 1593 tweaks to various things you need. At this point in the life 1594 cycle of current, things change often and you are on your own 1595 to cope. The defaults can also change, so please read ALL of 1596 the UPDATING entries. 1597 1598 Also, if you are tracking -current, you must be subscribed to 1599 freebsd-current@freebsd.org. Make sure that before you update 1600 your sources that you have read and understood all the recent 1601 messages there. If in doubt, please track -stable which has 1602 much fewer pitfalls. 1603 1604 [1] If you have third party modules, such as vmware, you 1605 should disable them at this point so they don't crash your 1606 system on reboot. 1607 1608 [3] From the bootblocks, boot -s, and then do 1609 fsck -p 1610 mount -u / 1611 mount -a 1612 cd src 1613 adjkerntz -i # if CMOS is wall time 1614 Also, when doing a major release upgrade, it is required that 1615 you boot into single user mode to do the installworld. 1616 1617 [4] Note: This step is non-optional. Failure to do this step 1618 can result in a significant reduction in the functionality of the 1619 system. Attempting to do it by hand is not recommended and those 1620 that pursue this avenue should read this file carefully, as well 1621 as the archives of freebsd-current and freebsd-hackers mailing lists 1622 for potential gotchas. The -U option is also useful to consider. 1623 See mergemaster(8) for more information. 1624 1625 [5] Usually this step is a noop. However, from time to time 1626 you may need to do this if you get unknown user in the following 1627 step. It never hurts to do it all the time. You may need to 1628 install a new mergemaster (cd src/usr.sbin/mergemaster && make 1629 install) after the buildworld before this step if you last updated 1630 from current before 20130425 or from -stable before 20130430. 1631 1632 [6] This only deletes old files and directories. Old libraries 1633 can be deleted by "make delete-old-libs", but you have to make 1634 sure that no program is using those libraries anymore. 1635 1636 [8] In order to have a kernel that can run the 4.x binaries needed to 1637 do an installworld, you must include the COMPAT_FREEBSD4 option in 1638 your kernel. Failure to do so may leave you with a system that is 1639 hard to boot to recover. A similar kernel option COMPAT_FREEBSD5 is 1640 required to run the 5.x binaries on more recent kernels. And so on 1641 for COMPAT_FREEBSD6 and COMPAT_FREEBSD7. 1642 1643 Make sure that you merge any new devices from GENERIC since the 1644 last time you updated your kernel config file. 1645 1646 [9] When checking out sources, you must include the -P flag to have 1647 cvs prune empty directories. 1648 1649 If CPUTYPE is defined in your /etc/make.conf, make sure to use the 1650 "?=" instead of the "=" assignment operator, so that buildworld can 1651 override the CPUTYPE if it needs to. 1652 1653 MAKEOBJDIRPREFIX must be defined in an environment variable, and 1654 not on the command line, or in /etc/make.conf. buildworld will 1655 warn if it is improperly defined. 1656FORMAT: 1657 1658This file contains a list, in reverse chronological order, of major 1659breakages in tracking -current. It is not guaranteed to be a complete 1660list of such breakages, and only contains entries since September 23, 2011. 1661If you need to see UPDATING entries from before that date, you will need 1662to fetch an UPDATING file from an older FreeBSD release. 1663 1664Copyright information: 1665 1666Copyright 1998-2009 M. Warner Losh. All Rights Reserved. 1667 1668Redistribution, publication, translation and use, with or without 1669modification, in full or in part, in any form or format of this 1670document are permitted without further permission from the author. 1671 1672THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR 1673IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 1674WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 1675DISCLAIMED. IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT, 1676INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 1677(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 1678SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 1679HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 1680STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 1681IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 1682POSSIBILITY OF SUCH DAMAGE. 1683 1684Contact Warner Losh if you have any questions about your use of 1685this document. 1686 1687$FreeBSD: releng/11.0/UPDATING 322343 2017-08-10 06:59:26Z delphij $ 1688