Copyright © 2014 The FreeBSD Documentation Project
FreeBSD is a registered trademark of the FreeBSD Foundation.
IBM, AIX, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.
IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.
Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
SPARC, SPARC64, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. SPARC International, Inc owns all of the SPARC trademarks and under licensing agreements allows the proper use of these trademarks by its members.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the “™” or the “®” symbol.
The release notes for FreeBSD 9.3-RELEASE contain a summary of the changes made to the FreeBSD base system on the 9.3-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
This document contains the release notes for FreeBSD 9.3-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.
This distribution of FreeBSD 9.3-RELEASE is a release distribution. It can be found at http://www.FreeBSD.org/releases/ or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the “Obtaining FreeBSD” appendix to the FreeBSD Handbook.
All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with “late-breaking” information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 9.3-RELEASE can be found on the FreeBSD Web site.
This section describes the most user-visible new or changed features in FreeBSD since 9.2-RELEASE.
Typical release note items document recent security advisories issued after 9.2-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.
Problems described in the following security advisories have been fixed. For more information, consult the individual advisories available from http://security.FreeBSD.org/.
Advisory | Date | Topic |
---|---|---|
FreeBSD-SA-14:01.bsnmpd | 14 January 2014 | Fix bsnmpd(1) remote denial of service vulnerability |
FreeBSD-SA-14:02.ntpd | 14 January 2014 | Disable “monitor” feature in ntpd(8) by default |
FreeBSD-SA-14:04.bind | 14 January 2014 | Remote denial of service vulnerability |
FreeBSD-SA-14:05.nfsserver | 8 April 2014 | Deadlock in the NFS server |
FreeBSD-SA-14:06.openssl | 8 April 2014 | ECDSA side channel leak |
FreeBSD-SA-14:08.tcp | 30 April 2014 | TCP reassembly vulnerability |
FreeBSD-SA-14:11.sendmail | 26 May 2014 | Sendmail improper close-on-exec flag handling |
FreeBSD-SA-14:12.ktrace | 3 June 2014 | ktrace(1) kernel memory disclosure |
FreeBSD-SA-14:13.pam | 3 June 2014 | Incorrect error handling in PAM policy parser |
FreeBSD-SA-14:14.openssl | 5 June 2014 | Multiple vulnerabilities |
FreeBSD-SA-14:16.file | 24 June 2014 | Multiple vulnerabilities |
FreeBSD-SA-14:17.kmem | 8 July 2014 | Kernel memory disclosure in control messages and SCTP notifications |
The arcmsr(4) driver has been updated to version 1.20.00.28. [r256033]
The isci(4) driver is now loadable via kldload(8). [r256437] (Sponsored by The FreeBSD Foundation)
System-level sysctl(8) values are now exposed to the system for the ixgbe(4) device. [r256759]
The mfi(4) driver has been updated to support MegaRAID Invader controllers. [r256924]
A kernel panic triggered in zfs_root() after a failed rollback has been fixed. [r257119]
A new sysctl(8), debug.devfs_iosize_max_clamp, has been added which enables and disables SSIZE_MAX-sized I/O requests on devfs(5) files. [r257125] (Sponsored by The FreeBSD Foundation)
A new sysctl(8), kern.disallow_high_osrel, has been added which disables executing the images compiled on a userland with a higher major version number than the major version number of the running kernel. [r257126] (Sponsored by The FreeBSD Foundation)
A kernel panic triggered by unmounting a busy zfs(8) filesystem has been fixed. [r257253]
A deadlock triggered by powering off a USB device has been fixed. [r257373]
The ichsmb(4) driver has been updated to support Intel Lynx Point PCH SMBus devices. [r258214]
The ata(4) driver has been updated to support Coleto Creek devices. [r258215]
The ahci(4) driver has been updated to support the PCI-express solid state drive in the Apple® MacBook Air (model A1465). [r258217]
The sysctl(8) vfs.zfs.arc_meta_limit can now be changed at runtime. [r258635]
The mmap(2) system call has been updated to more optimally use superpages and provide support for tweaking the alignment of virtual mappings. [r258870]
A workaround has been implemented in the bge(4) driver for hung transmission on BCM5719 and BCM5720 chipsets. [r258962]
A kernel panic when listing sysctls on a system with INVARIANTS enabled has been fixed. [r259002]
A new sysctl(8), kern.supported_archs, has been added, which will list the MACHINE_ARCH values whose binaries can be run on the system. [r259466]
Several problems that could trigger kernel panic on kldload(8) and kldunload(8) have been fixed. [r259519] (Sponsored by Spectra Logic)
A kernel panic triggered by some multi-threaded applications has been fixed. [r260082] (Sponsored by The FreeBSD Foundation)
The runfw(4) firmware has been renamed from runfw to run.fw for consistency with other firmware files. [r260134]
A new sysctl(8), kern.panic_reboot_wait_time, has been added. This allows tuning the amount of time the system will wait before rebooting after panic(9). The kern.panic_reboot_wait_time value defaults to the kernel configuration option, PANIC_REBOOT_WAIT_TIME. [r260433]
Hardware Random Number Generators have been disabled by default. [r260644]
Support for GPS ports has been added to the uhso(4) driver. [r261485]
A memory leak of compressed buffers has been fixed in l2arc_write_done(). [r262116]
The netmap(4) framework has been updated to match the version in head/, which includes netmap pipes, kqueue support, and enhanced VALE switch port. [r262153]
A deadlock triggered by sending a mounted zfs(8) snapshot has been fixed. [r262175]
Support for SIIG X1 PCI-e has been added to ppc(4). [r262231]
Support for the ext4 filesystem has been enabled, supporting read-only mounts. [r262564]
A kernel panic triggered by inserting a USB ethernet device on VIMAGE-enabled systems has been fixed. [r262594]
TTM, a memory manager used by video drivers, has been merged. [r262988] (Sponsored by The FreeBSD Foundation)
Support for /sys/kernel/random/uuid has been added to linprocfs(5). [r263103]
A memory leak in the zpool_in_use() function has been fixed. [r263128]
The extensible_dataset zpool(8) feature has been added. See zpool-features(7) for more information. [r263391]
A memory leak has been fixed in libzfs. [r263408]
The vt(4) driver has been merged from head/. [r263817,263818] (Sponsored by The FreeBSD Foundation)
The mpr(4) device has been added, providing support for LSI Fusion-MPT 3 12Gb SCSI/SATA controllers. [r265729] (Sponsored by LSI, Spectra Logic)
A kernel bug that inhibited proper functionality of the dev.cpu.0.freq sysctl(8) on Intel® processors with Turbo Boost™ enabled has been fixed. [r266167]
Support for xen(4) hardware-assisted virtualization, XENHVM, is now available as a loadable module, xenhvm.ko. [r266269]
Trackpad support for Apple® MacBook products has been added. [r261510]
The nve(4) driver has been deprecated, and the nfe(4) driver should be used instead. [r261973]
The mfi(4) driver has been updated to support MegaRAID Fury cards. [r262968]
The Radeon KMS driver has been added. [r263170,263171]
The aacraid(4) driver has been updated to version 3.2.5. [r263340]
The re(4) driver has been updated to add preliminary support for the RTL8106E chipset. [r257611]
The re(4) driver has been updated to support the RTL8168G, RTL8168GU and RTL8411B chipsets. [r257614,257616]
The re(4) driver has been updated to add preliminary support for the RTL8168EP chipset. [r257618]
The oce(4) driver has been updated to version 10.0.664.0. [r258586]
The qlxgbe(4) driver has been imported from head/. [r258898]
The qlxge(4) driver has been imported from head/. [r258936]
The bge(4) driver has been updated to support the BCM5725 chipset. [r258965]
The bge(4) driver has been updated to support the BCM57764, BCM57767, BCM57782, BCM57786 and BCM57787 chipsets. [r258967]
The run(4) driver has been updated to support MediaTek/Ralink chipsets RT5370 and RT5372. [r259457]
The usb(4) wireless radiotap headers have been realigned, allowing wireless adapters to work on arm, mips, and other similar platforms where alignment is important. [r259460]
The run(4) firmware has been updated to version 0.33. [r260119]
The bxe(4) driver has been merged from head/, providing support for Broadcom NetXtreme II 10Gb PCIe adapters. [r260252]
The run(4) driver has been updated to include support for the MediaTek/Ralink RT3593 chipset. [r261865]
The run(4) driver has been updated to include support for the DLINK DWA-127 wireless adapter. [r261933]
The axge(4) driver has been added. [r262153]
The urndis(4) driver has been imported from OpenBSD. [r262362]
The bxe(4) driver has been updated to version 1.78.78. [r263582]
A new flag, -c, has been added to pgrep(1) and pkill(1), which restricts the process lookup to the specified login class. [r256054]
The ddb(8) utility has been updated to add show ioapic and show all ioapics. [r257496]
Setting nmbcluster values to their current value will now be ignored, instead of failing with an error. [r258183]
The /var/cache directory is now created with mode 0755 instead of mode 0750, since this directory is used by many third-party applications, which makes dropping group privileges impossible. [r258763]
The uname(1) utility has been updated to include the -U and -K flags, which print the __FreeBSD_version for the running userland and kernel, respectively. [r258818]
The fetch(3) library has been updated to support SNI (Server Name Identification), allowing the use of virtual hosts on HTTPS. [r258844]
A segmentation fault and internal compiler error bug in gcc(1) triggered by throwing a warning before parsing any tokens has been fixed. [r259243]
Several updates to gcc(1) have been imported from Google. [r259269,259406] (Contributed / provided by Google)
A byte-order bug in the Heimdal gss_pseudo_random() function which would prevent interoperability with other Kerberos implementations has been fixed. In particular, this would prevent interoperability with the MIT implementation. [r259448]
The hastctl(8) utility has been updated to output the current queue sizes. [r260007]
The ps(1) utility will no longer truncate the command output column. [r260197]
The protect(1) command has been added, which allows exempting processes from being killed when swap is exhausted. [r260208]
The gmirror(8) utility now prevents deactivating the last component of a mirror. [r260507]
A new gmirror(8) command, gmirror destroy, has been added, which will destroy the geom(8) and erase the gmirror(8) metadata. [r260507]
The etcupdate(8) utility, a tool for managing updates to files in /etc, has been merged from head/. [r260650]
The find(1) utility has been updated to fix incorrect behavior with the -lname and -ilname flags. [r260651]
The hw.uart.console is now always updated when the comconsole setup changes. [r260868,260869]
The kldload(8) utility has been updated to display a message directing to dmesg(8), instead of the cryptic message “Exec format error”. [r260909]
A bug that could trigger an infinite loop in KDE and X has been fixed. [r261674]
The newsyslog(8) utility has been changed to use the size of the file, instead of the blocks the file takes on the disk to match the behavior documented in newsyslog.conf(5). [r262076]
A bug in zdb(8) which would cause numeric parameters to a flag to be treated as additional flags has been fixed. [r262105]
The pciconf(8) utility now has a -V flag, which lists information such as serial numbers for each device. [r262134]
A bug that would allow creating a zfs(8) snapshot of an inconsistent dataset has been fixed. [r262158]
Receiving a zfs(8) dataset with zfs recv -F now properly destroys any snapshots that were created since the incremental source snapshot. [r262160]
Installation from a read-only .OBJDIR has been fixed. [r263031]
A new shared library directory, /usr/lib/private, has been added for internal-use shared libraries. [r263031]
A default libmap32.conf has been added, for 32-bit applications. [r263031]
The libucl library, a JSON-compatible configuration file parsing library, has been imported. [r263032]
The pkg(7) package management utility has been synchronized with head/. This implements binary package signature verification when bootstrapping the system with pkg bootstrap. [r263038]
The system timezone data files have been updated to version tzdata2014a. [r263042]
The NetBSD make(1) utility, bmake, has been imported for compatibility with the FreeBSD Ports Collection. It is installed as bmake, and the make remains the FreeBSD version. [r263212]
The fetch(3) library now supports Last-Modified timestamps which return UTC instead of GMT. [r263326]
Aliases for the zfs(8) commands list -t snap and snap have been added to match Oracle® Solaris 11. [r263404]
A new flag, -p, has been added to the zfs(8) list command, providing output in a parseable form. [r263406]
OpenPAM has been updated to Nummularia (20130907), which incorporates several bug fixes and documentation improvements. The openpam_ttyconv(3) library has been completely rewritten. [r263421]
The sh(1) command interpreter has been updated to expand assignments after export, local, and readonly differently. As a result of this change, variable assignment such as local v=$1 will assign the first positional parameter to v, even if $1 contains spaces, and local w=~/myfile will expand the tilde (~). [r264423]
The find(1) utility has been updated to implement -ignore_readdir_race. Prior to this change, -ignore_readdir_race existed as an option for GNU find(1) compatibility, and was ignored if specified. A counter primary, -noignore_readdir_race, now also exists, and is the default behavior. [r264699]
The ps(1) utility has been updated to include the -J flag, used to filter output by matching jail(8) IDs and names. Additionally, argument 0 can be used to -J to only list processes running on the host system. [r266286]
The top(1) utility has been updated to filter by jail(8) ID or name, in followup to the ps(1) change in r265229. [r266287]
The Blowfish crypt(3) default format has been changed to $2b$. [r266818]
The default newsyslog.conf(5) now includes files in the /etc/newsyslog.conf.d/ and /usr/local/etc/newsyslog.conf.d/ directories by default for newsyslog(8). [r267114]
A new flag, “onifconsole”, has been added to /etc/ttys. This allows the system to provide a login prompt via serial console if the device is an active kernel console, otherwise it is equivalent to off. [r267243]
The arc4random(3) library has been updated to match that of FreeBSD-CURRENT. [r267379]
The pmcstat(8) utility has been updated to include a new flag, -l, which ends event collection after the specified number of seconds. [r267411]
The FreeBSD Project has migrated from the GNATS bug tracking system to Bugzilla. The send-pr(1) utility used for submitting problem reports has been replaced with a stub shell script that instructs to use the Bugzilla web interface. [r267911]
The /etc/periodic/security/800.loginfail periodic(8) script has been refined to catch more authentication failures and reduce false positives. [r263662]
Support for “first boot” scripts has been added to rc(8). See rc(8) and rc.conf(5) for implementation details. [r256917]
The rc(8) system will now re-source rc.conf(5) on receipt of SIGALRM. [r260432]
The readline(3) library has been updated to version 1.104. [r255934]
Sendmail has been updated to version 8.14.9. [r266711]
BIND has been updated to version 9.9.5. [r262706] (Sponsored by DK Hostmaster A/S)
The xz(1) utility has been updated to a post-5.0.5 snapshot. [r263286]
OpenSSH has been updated to version 6.6p1. [r263970]
OpenSSL has been updated to version 0.9.8za. [r267285]
Note to FreeBSD desktop users: please read this section carefully, especially before upgrading ports that depend on Xorg.
In April 2014, the FreeBSD Ports collection switched to a newer version of Xorg that supports KMS (Kernel Mode Setting).
Users upgrading from earlier versions of FreeBSD 9.x or FreeBSD 8.x should be aware of several things regarding Xorg:
When applications are built from the FreeBSD Ports Collection or installed from the new_xorg pkg(8) repository, the newer, KMS-aware version of Xorg is used.
The KMS version of Xorg does not switch back to text mode after leaving the X desktop environment, and the system console will not be visible. The new vt(4) console driver supports graphic consoles and keeps the console visible after X has exited. The vt(4) driver must be compiled into the kernel. A VT kernel configuration example file is included in 9.3-RELEASE, but is not compiled or enabled by default. See vt(4) and the vt(4) wiki page for additional information.
Packages for KDE4 are not available in the default (latest) pkg(8) repository, however are available in the new_xorg repository. See the announcement email for details on how to use the new_xorg repository.
The older Xorg that does not support KMS can still be installed from the latest upstream pkg(8) repository and the packages included on the 9.3-RELEASE DVD.
However, it is important to note that some newer applications require the newer Xorg, and will not work with the old version. The newer Xorg is recommended, and should be used unless not compatible with legacy graphics cards.
To continue using the old version of Xorg when building from the FreeBSD Ports Collection, set WITHOUT_NEW_XORG=yes in make.conf(5).
As part of the release build, the etcupdate(8) utility will bootstrap the system, allowing etcupdate(8) to work after the first upgrade of a system. [r260891]
The release.sh script and release Makefile have been updated to use pkg(7) to populate the dvd installation medium. [r262879] (Sponsored by The FreeBSD Foundation)
The services.mkdb(8) utility has been updated to support multiple byte orders. Similar to cap_mkdb(1), the services.db will be created with proper endianness as part of cross-architecture release builds. [r263028]
[amd64,i386] Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as an unmodified GENERIC kernel, distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.
Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported using the instructions in /usr/src/UPDATING.
For more specific information about upgrading instructions, see http://www.FreeBSD.org/releases/9.3R/installation.html.
Upgrading FreeBSD should only be attempted after backing up all data and configuration files.
FreeBSD 9.0 and later versions have several configuration incompatibilities with earlier versions of FreeBSD. These differences are best understood before upgrading. Please read this section and the Upgrading Section in 9.0-RELEASE Release Notes carefully before submitting a problem report and/or posting a question to the FreeBSD mailing lists.
This file, and other release-related documents, can be downloaded from http://www.FreeBSD.org/releases/.
For questions about FreeBSD, read the documentation before contacting <[email protected]>.
All users of FreeBSD 9.3-STABLE should subscribe to the <[email protected]> mailing list.
For questions about this documentation, e-mail <[email protected]>.