Index: head/release/doc/en_US.ISO8859-1/relnotes/article.xml =================================================================== --- head/release/doc/en_US.ISO8859-1/relnotes/article.xml (revision 302430) +++ head/release/doc/en_US.ISO8859-1/relnotes/article.xml (revision 302431) @@ -1,1911 +1,1916 @@ %release; %sponsor; %vendor; ]>
&os; &release.current; Release Notes The &os; Project $FreeBSD$ 2015 2016 The &os; Documentation Project &tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general; The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system on the &release.branch; development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented. Introduction This document contains the release notes for &os; &release.current;. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;. The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Information regarding pre-built, binary &release.type; distributions along this branch can be found at &release.url;. The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at &release.url;. This distribution of &os; &release.current; is a &release.type; distribution. It can be found at &release.url; or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook. All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site. This document describes the most user-visible new or changed features in &os; since &release.prev;. In general, changes described here are unique to the &release.branch; branch unless specifically marked as &merged; features. Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. Upgrading from Previous Releases of &os; Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the &man.freebsd-update.8; utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official &os; release. The &man.freebsd-update.8; utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the &os; base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING. Upgrading &os; should only be attempted after backing up all data and configuration files. Security and Errata This section lists the various Security Advisories and Errata Notices since &release.prev;. Security Advisories &security; Errata Notices &errata; Userland This section covers changes and additions to userland applications, contributed software, and system utilities. Userland Configuration Changes The default &man.newsyslog.conf.5; now includes files in the /etc/newsyslog.conf.d/ and /usr/local/etc/newsyslog.conf.d/ directories by default for &man.newsyslog.8;. The &man.mailwrapper.8; utility has been updated to use &man.mailer.conf.5; from the LOCALBASE environment variable, which defaults to /usr/local if unset. The MK_ARM_EABI &man.src.conf.5; option has been removed. The ntp suite has been updated to version 4.2.8p8. Userland Application Changes When unable to load a kernel module with &man.kldload.8;, a message informing to view output of &man.dmesg.8; is now printed, opposed to the previous output Exec format error.. Allow &man.pciconf.8; to identify PCI devices that are attached to a driver to be identified by their device name instead of just the selector. Additionally, an optional device argument to the -l flag to restrict the output to only listing details about a single device. A new flag, onifconsole has been added to /etc/ttys. This allows the system to provide a login prompt via serial console if the device is an active kernel console, otherwise it is equivalent to off. Support for displaying VPD for PCI devices via &man.pciconf.8; has been added. &man.ping.8; protects against malicious network packets using the Capsicum framework to drop privileges. The &man.ps.1; utility has been updated to include the -J flag, used to filter output by matching &man.jail.8; IDs and names. Additionally, argument 0 can be used to -J to only list processes running on the host system. The &man.top.1; utility has been updated to filter by &man.jail.8; ID or name, in followup to the &man.ps.1; change in r265229. The &man.pmcstat.8; utility has been updated to include a new flag, -l, which ends event collection after the specified number of seconds. The &man.ps.1; utility has been updated to include a new keyword, tracer, which displays the PID of the tracing process. Support for adding empty partitions has been added to the &man.mkimg.1; utility. The &man.primes.6; utility has been updated to correctly enumerate prime numbers between 4295098369 and 3825123056546413050, which prior to this change, it would be possible for returned values to be incorrectly identified as prime numbers. The &man.mkimg.1; utility has been updated to include three options used to print information about &man.mkimg.1; itself: Option Output --version The current version of the &man.mkimg.1; utility --formats The disk image file formats supported by &man.mkimg.1; --schemes The partition schemes supported by &man.mkimg.1; Userland &man.ctf.5; support in &man.dtrace.1; has been added. With this change, &man.dtrace.1; is able to resolve type info for function and USDT probe arguments, and function return values. The &man.elfdump.1; utility has been updated to support capability mode provided by &man.capsicum.4;. The &man.fstyp.8; utility has been added, which is used to determine the filesystem on a specified device. The libedit library has been updated to support UTF-8, which additionally provides unicode support to &man.sh.1;. The &man.mkimg.1; utility has been updated to support the MBR EFI partition type. The &man.ptrace.2; system call has been updated include support for Altivec registers on &os;/&arch.powerpc;. A new device control utility, &man.devctl.8; has been added, which allows making administrative changes to individual devices, such as attaching and detaching drivers, and enabling and disabling devices. The &man.devctl.8; utility uses the new &man.devctl.3; library. The &man.netstat.1; utility has been updated to link against the &man.libxo.3; shared library. A new flag, -c, has been added to the &man.mkimg.1; utility, which allows specifying the capacity of the target disk image. The &man.uefisign.8; utility has been added. The &man.freebsd-update.8; utility has been updated to prevent fetching updated binary patches when a previous upgrade has not been thoroughly completed. A regression in the &man.libarchive.3; library that would prevent a directory from being included in the archive when --one-file-system is used has been fixed. The &man.ar.1; utility has been updated to set ARCHIVE_EXTRACT_SECURE_SYMLINKS and ARCHIVE_EXTRACT_SECURE_NODOTDOT to disallow directory traversal when extracting an archive, similar to &man.tar.1;. A race condition in &man.wc.1; that would cause final results to be sent to &man.stderr.4; when receiving the SIGINFO signal has been fixed. The &man.chflags.1;, &man.chgrp.1;, &man.chmod.1;, and &man.chown.8; utilities now affect symbolic links when the -R flag is specified, as documented in &man.symlink.7;. The &man.date.1; utility has been updated to print the modification time of the file passed as an argument to the -r flag, improving compatibility with the GNU &man.date.1; utility behavior. The &man.pw.8; utility has been updated with a new flag, -R, that sets the root directory within which the utility will operate. The &man.lockstat.1; utility has been updated with several improvements: Spin locks are now reported as the amount of time spinning, instead of loop iterations. Reader locks are now recognized as adaptive that can spin on &os;. Lock aquisition events for successful reader try-lock events are now reported. Spin and block events are now reported before lock acquisition events. The &man.fstyp.8; utility has been updated to be able to detect &man.zfs.8; and &man.geli.8; filesystems. The &man.mkimg.1; utility has been updated to include support for NTFS filesystems in both MBR and GPT partitioning schemes. The &man.quota.1; utility has been updated to include support for IPv6. The &man.jexec.8; utility has been updated to include a new flag, -l, which ensures a clean environment in the target jail when used. Additionally, &man.jexec.8; will run a shell within the target jail when run no commands are specified. The &man.w.1; utility has been updated to display the full IPv6 remote address of the host from which a user is connected. The &man.jail.8; framework has been updated to allow mounting &man.linprocfs.5; and &man.linsysfs.5; within a jail. The &man.patch.1; utility has been updated to include a new option to the -V flag, none, which disables backup file creation when applying a patch. The &man.ar.1; utility now enables deterministic mode (-D) by default. This behavior can be disabled by specifying the -U flag. The &man.xargs.1; utility has been updated to allow specifying 0 as an argument to the -P (parallel mode) flag, which allows creating as many concurrent processes as possible. The &man.patch.1; utility has been updated to remove the automatic checkout feature. A new utility, &man.sesutil.8;, has been added, which is used to manage &man.ses.4; devices. The &man.pciconf.8; utility has been updated to use the PCI ID database from the misc/pciids package, if present, falling back to the PCI ID database in the &os; base system. The &man.ifconfig.8; utility has been updated to always exit with an error code if an important &man.ioctl.2; fails. Contributed Software &man.byacc.1; has been updated to version 20140101. OpenSSH has been updated to 7.2p2. mdocml has been updated to version 1.12.3. The binutils suite of utilities has been updated to include upstream patches that add new relocations for &arch.powerpc; support. The ELF Tool Chain has been updated to upstream revision r3136. The texinfo utility and info pages were removed from the base system. The print/texinfo port should be installed on systems where info pages are needed. The ELF object manipulation tools addr2line, elfcopy (strip), nm, readelf, size, and strings were switched to the versions from the ELF Tool Chain project. The libedit library has been updated to include UTF-8 support, adding UTF-8 support to the &man.sh.1; shell. The &man.xz.1; utility has been updated to support multi-threaded compression. The elftoolchain utilities have been updated to version 3179. The &man.xz.1; utility has been updated to version 5.2.2. The &man.nvi.1; utility has been updated to version 2.1.3. The &man.wpa.supplicant.8; and &man.hostapd.8; utilities have been updated to version 2.4. The &man.resolvconf.8; utility has been updated to version 3.7.3. bmake has been updated to version 20150606. sendmail has been updated to 8.15.2. Starting with &os; 11.0 and sendmail 8.15, sendmail uses uncompressed IPv6 addresses by default, i.e., they will not contain ::. For example, instead of ::1, it will be 0:0:0:0:0:0:0:1. This permits a zero subnet to have a more specific match, such as different map entries for IPv6:0:0 versus IPv6:0. This change requires that configuration data (including maps, files, classes, custom ruleset, etc.) must use the same format, so make certain such configuration data is upgrading. As a very simple check search for patterns like 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. To return to the old behavior, set the m4 option confUSE_COMPRESSED_IPV6_ADDRESSES or the cf option UseCompressedIPv6Addresses. The &man.tcpdump.1; utility has been updated to version 4.7.4. OpenSSL has been updated to version 1.0.2h. The &man.ssh.1; utility has been updated to re-implement hostname canonicalization before locating the host in known_hosts. The &man.libarchive.3; library has been updated to properly skip a sparse file entry in a &man.tar.1; file, which would previously produce errors. The apr library used by &man.svnlite.1; has been updated to version 1.5.2. The serf library used by &man.svnlite.1; has been updated to version 1.3.8. The &man.svnlite.1; utility has been updated to version 1.8.14. The sqlite3 library used by &man.svnlite.1; and &man.kerberos.8; has been updated to version 3.12.1. Timezone data files have been updated to version 2015f. The &man.acpi.4; subsystem has been updated to version 20150818. The &man.unbound.8; utility has been updated to version 1.5.4. &man.jemalloc.3; has been updated to version 4.0.2. The &man.file.1; utility has been updated to version 5.28. The &man.nc.1; utility has been updated to the OpenBSD 5.8 version. Clang has been updated to version 3.8.0. LLVM has been updated to version 3.8.0. LLDB has been updated to version 3.8.0. libc++ has been updated to version 3.8.0. The compiler_rt utility has been updated to version 3.8.0. ACPICA has been updated to version 20160527. OpenBSM has been updated to version 1.2 alpha 4. The NetBSD Project's &man.libblacklist.3; library and applications have been ported and integrated into the system. Packet filtering support for the &man.pf.4; packet filtering systems has been implemented. The blacklist system provides the blacklistd daemon, the helper script blacklistd-helper to make changes to the running packet filter system and the blacklistctl control program. A selection of system daemons, including: fingerd, ftpd, rlogind, and rshd have been modified to support sending notifications to the blacklistd daemon. Support for the &man.ipfw.4; packet filter has been added to the blacklistd-helper script. Support for the &man.ipfilter.4; packet filter has been added to the blacklistd-helper script. Installation and Configuration Tools The &man.bsdinstall.8; partition editor and &man.sade.8; utility have been updated to include native ZFS support. The &os; installation utility, &man.bsdinstall.8;, has been updated to set the canmount &man.zfs.8; property to off for the /var dataset, preventing the contents of directories within /var from conflicting when using multiple boot environments, such as that provided by sysutils/beadm. The &man.bsdconfig.8; utility has been updated to skip the initial &man.tzsetup.8; UTC versus wall-clock time prompt when run in a virtual machine, determined when the kern.vm_guest &man.sysctl.8; is set to 1. The &man.bsdinstall.8; utility has been updated to use the new &man.dpv.3; library to display progress when extracting the &os; distributions. Support for detecting and implementing aligning partitions on 1Mb boundaries has been added to &man.bsdinstall.8;. Support for detecting and implementing a workaround for various laptops and motherboards that do not boot properly from GPT-partitioned disks has been added to &man.bsdinstall.8;. Additionally, the active flag will be set on the partition when needed. Support for selecting the partitioning scheme when installing on the UFS filesystem has been added to &man.bsdinstall.8;. <filename class="directory">/etc/rc.d</filename> Scripts The &man.rc.8; subsystem has been updated to allow configuring services in ${LOCALBASE}/etc/rc.conf.d/. If LOCALBASE is unset, it defaults to /usr/local. A new &man.rc.8; script, growfs, has been added, which will resize the root filesystem on boot if /firstboot exists. The mrouted &man.rc.8; script has been removed from the base system. An equivalent script is available from the net/mrouted port. A new &man.rc.8; script, iovctl, has been added, which allows automatically starting the &man.iovctl.8; utility at boot. The &man.service.8; utility has been updated to honor entries within /etc/rc.conf.d/. <filename class="directory">/etc/periodic</filename> Scripts The daily &man.periodic.8; script 110.clean-tmps has been updated to avoid crossing filesystem mount boundaries when cleaning files in /tmp. A new &man.periodic.8; script, 510.status-world-kernel, has been added, which evaluates the running userland and kernel versions from the &man.uname.1; -U and -K arguments, and prints an error if the system userland and kernel are not in sync. Runtime Libraries and API The Blowfish &man.crypt.3; default format has been changed to $2b$. The &man.readline.3; library is now statically linked in software within the base system, and the shared library is no longer installed, allowing the Ports Collection to use a modern version of the library. The &man.strptime.3; library has been updated to add support for POSIX-2001 features %U and %W. The &man.dl.iterate.phdr.3; library has been changed to always return the path name of the ELF object in the dlpi_name structure member. The &man.libxo.3; library has been imported to the base system. A userland library for Chelsio Terminator 5 based iWARP cards has been added, allowing userland RDMA applications to work over compatible NICs. The &man.gpio.3; library has been added, providing a wrapper around the &man.gpio.4; kernel interface. The &man.procctl.2; system call has been updated to include a facility for non-&man.init.8; processes to be declared as the reaper of child processes and their decendants. The futimens() and utimensat() system calls have been added. See &man.utimensat.2; for more information. The &man.elf.3; compile-time dependency has been removed from dtri.o, which allows adding DTrace probes to userland applications and libraries without also linking against &man.elf.3;. The &man.setmode.3; function has been updated to consistently set errno on failure. The &man.qsort.3; functions have been updated to be able to handle 32-bit aligned data on 64-bit platforms, also providing a significant improvement in 32-bit workloads. Several standard include headers have been updated to use of gcc attributes, such as __result_use_check(), __alloc_size(), and __nonnull(). Support for file verification in MAC has been added. The libgomp library is now only built when building GCC from the base system. An up-to-date version is available in the Ports Collection as devel/libiomp5-devel. The stdlib.h and malloc.h headers have been updated to make use of the gcc alloc_align() attribute. The Blowfish &man.crypt.3; library has been updated to support $2y$ hashes. The &man.execl.3; and &man.execlp.3; library functions have been updated to use the __sentinel gcc attribute. ABI Compatibility The &linux; compatibility version has been updated to 2.6.18. The compat.linux.osrelease &man.sysctl.8; is evaluated when building the emulators/linux-c6 and related ports. The stack protector has been upgraded to the "strong" level, elevating the protection against buffer overflows. While this significantly improves the security of the system, extensive testing was done to ensure there are no measurable side effects in performance or functionality. Kernel This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized. Kernel Bug Fixes A kernel bug that inhibited proper functionality of the dev.cpu.0.freq &man.sysctl.8; on &intel; processors with Turbo Boost ™ enabled has been fixed. Support for &man.dtrace.1; stack tracing has been fixed for &os;/&arch.powerpc;, using the trapexit() and asttrapexit() functions instead of checking within addressed kernel space. A kernel panic triggered when destroying a &man.vnet.9; &man.jail.8; configured with &man.gif.4; has been fixed. A kernel panic triggered when destroying a &man.vnet.9; &man.jail.8; configured with &man.gre.4; has been fixed. A bug in &man.ipfw.4; that could potentially lead to a kernel panic when using &man.dummynet.4; at layer 2 has been fixed. The kernel RPC has been updated to include several enhancements: The 45 MiB limit on requests queued for &man.nfsd.8; threads has been removed. Avoids unnecessary throttling by not deferring accounting for completed requests. Fixes an integer overflow and signedness bugs. Support for &man.dtrace.1; has been added for the Book-E ™. The &man.kqueue.2; system call has been updated to handle write events to files larger than 2 gigabytes. Kernel Configuration The IMAGACT_BINMISC kernel configuration option has been enabled by default, which enables application execution through emulators, such as Qemu. The VT kernel configuration file has been removed, and the &man.vt.4; driver is included in the GENERIC kernel. To enable &man.vt.4;, enter set kern.vty=vt at the &man.loader.8; prompt during boot, or add kern.vty=vt to &man.loader.conf.5; and reboot the system. The &man.config.8; utility has been updated to allow using a non-standard src/ tree, specified as an argument to the -s flag. The &os;/&arch.powerpc64; kernel now builds as a position-independent executable, allowing the kernel to be loaded into and run from any physical or virtual address. This change requires an update to &man.loader.8;. The userland and kernel must be updated before rebooting the system. A new module for creating rpi.dtb has been added for the Raspberry Pi. The rpi.dtb module is now installed to /boot/dtb/ by default for the Raspberry Pi system. Kernel support for Vector-Scalar eXtension (VSX) found on POWER7 and POWER8 hardware has been added. The &man.pmap.9; implementation for 64-bit &powerpc; processors has been overhaulded to improve concurrency. A new module for creating the dtb module for AM335x systems has been added. The PAE_TABLES kernel configuration option has been added for &os;/&arch.i386;, which instructs &man.pmap.9; to use PAE format for page tables while maintaining a 32-bit physical address size elsewhere in the kernel. The use of this option can enhance application-level security by enabling the creation of no execute mappings on modern &arch.i386; processors. Unlike the PAE option, PAE_TABLES preserves kernel binary interface (KBI) compatibility with non-PAE kernels, allowing non-PAE kernel modules and drivers to work with a PAE_TABLES-enabled kernel. Additionally, system limits are tuned for 4GB maximum RAM, avoiding kernel virtual address space (KVA) exhaustion. The SIFTR kernel configuration has been added, allowing building &man.siftr.4; statically into the kernel. The &arch.arm; boot loader, ubldr, is now relocatable. In addition, ubldr.bin is now created during build time, which is a stripped binary with an entry point of 0, providing the ability to specify the load address by running go ${loadaddr} in u-boot. The &man.nvd.4; and &man.nvme.4; drivers are now included in the GENERIC kernel configuration by default. A new kernel configuration option, EM_MULTIQUEUE, has been added which enables multi-queue support in the &man.em.4; driver. Multi-queue support in the &man.em.4; driver is not officially supported by &intel;. The GENERIC kernel configuration has been updated to include the IPSEC option by default. Initial NUMA affinity and policy configuration has been added. See &man.numactl.1;, and &man.numa.getaffinity.2;, for usage details. The &man.pms.4; driver has been added to the GENERIC kernel configuration for supported architectures. The CUBIEBOARD2 kernel configuration has been renamed to A20. Kernel debugging symbols are now installed to /usr/lib/debug/boot/kernel/. To retain the previous behavior, add KERN_DEBUGDIR="" to &man.src.conf.5;. System Tuning and Controls The &man.hwpmc.4; default and maximum callchain depths have been increased. The default has been increased from 16 to 32, and the maximum increased from 32 to 128. The kern.osrelease and kern.osreldate are now configurable &man.jail.8; parameters. The &man.devfs.5; device filesystem has been changed to update timestamps for read/write operations using seconds precision. A new &man.sysctl.8;, vfs.devfs.dotimes has been added, which when set to a non-zero value, enables default precision timestamps for these operations. A new &man.sysctl.8;, kern.racct.enable, has been added, which when set to a non-zero value allows using &man.rctl.8; with the GENERIC kernel. A new kernel configuration option, RACCT_DISABLED has also been added. The GENERIC kernel configuration now includes RACCT and RCTL by default. To enable RACCT and RCTL on a system using the GENERIC kernel configuration, add kern.racct.enable=1 to &man.loader.conf.5;, and reboot the system. A new &man.sysctl.8;, net.inet.tcp.hostcache.purgenow, has been added, which when set to 1 during runtime will flush all net.inet.tcp.hostcache entries. A new &man.sysctl.8;, hw.model, has been added, which displays CPU model information. The &man.uart.4; driver has been updated to allow tuning pulses per second captured in the CTS line during runtime, whereas previously only the DCD line could be used without rebuilding the kernel. Devices and Drivers This section covers changes and additions to devices and device drivers since &release.prev;. Device Drivers Support for GPS ports has been added to &man.uhso.4;. The &man.full.4; device has been added, and the lindev(4) device has been removed. Prior to this change, lindev(4) provided only the /dev/full character device, returning ENOSPC on write attempts. As this device is not specific to &linux;, a native &os; version has been added. Hardware context support has been added to the drm/i915 driver, adding support for Mesa 9.2 and later. The &man.vt.4; driver has been updated, replacing the bitmapped kern.vt.spclkeys &man.sysctl.8; with individual kern.vt.kbd_* variants. The &man.hpet.4; driver has been updated to create a /dev/hpetN device, providing access to HPET from userspace. The drm code has been updated to match &linux; version 3.8.13. The &man.psm.4; driver has been updated to include improved support for newer Synaptics ® touchpads and the ClickPad ® mouse on newer Lenovo ™ laptops. Support for the Freescale PCI Root Complex device has been added. The &man.cyapa.4; driver has been added, supporting the Cypress APA I2C trackpad. The &man.isl.4; driver has been added, supporting the Intersil I2C ISL29018 digital ambient light sensor. Storage Drivers The &man.mpr.4; device has been added, providing support for LSI Fusion-MPT 3 12Gb SCSI/SATA controllers. The &man.mrsas.4; driver has been added, providing support for LSI MegaRAID SAS controllers. The &man.mfi.4; driver will attach to the controller, by default. To enable &man.mrsas.4; add hw.mfi.mrsas_enable=1 to /boot/loader.conf, which turns off &man.mfi.4; device probing. At this time, the &man.mfiutil.8; utility and the &os; version of MegaCLI and StorCli do not work with &man.mrsas.4;. The &man.ctl.4; subsystem has been updated, increasing the ports limit from 128 to 256, and LUN limit from 256 to 1024. The asr(4) driver has been removed, and is no longer supported. The &man.hptnr.4; driver has been updated to version 1.1.1. The &man.pms.4; driver has been added, providing support for the PMC Sierra line of SAS/SATA host bus adapters. The &man.ioat.4; driver has been added, providing support for the PSE (Platform Storage Extension). The CTL High Availability implementation has been rewritten. The &man.ctl.4; driver has been updated to support CD-ROM and removable devices. The &man.isp.4; driver has been updated and improved: added support for 16Gbps FC cards, improved target mode support, completed Multi-ID (NPIV) functionality. Network Drivers Support for Broadcom chipsets BCM57764, BCM57767, BCM57782, BCM57786 and BCM57787 has been added to &man.bge.4;. Support for the &intel; Centrino™ Wireless-N 135 chipset has been added. Firmware for &intel; Centrino™ Wireless-N 105 devices has been added to the base system. The deprecated nve(4) driver has been removed. Users of NVIDIA nForce MCP network adapters are advised to use the &man.nfe.4; driver instead, which has been the default driver for this hardware since &os; 7.0. The if_nf10bmac(4) device has been added, providing support for NetFPGA-10G Embedded CPU Ethernet Core. The if_nf10bmac(4) driver operates on the FPGA, and is not suited for the PCI host interface. The &man.ath.hal.4; driver has been updated to support the Atheros AR1111 chipset. Support for the &intel; Centrino™ Wireless-N 105 chipset has been added. Support for the &man.cxgbe.4; Terminator 5 (T5) 10G/40G cards has been added to &man.netmap.4;. The &man.alc.4; driver has been updated to support AR816x and AR817x ethernet controllers. The &man.pf.4; packet filter default hash has been changed from Jenkins to Murmur3, providing a 3-percent performance increase in packets-per-second. The &man.vxlan.4; driver has been added, which creates a virtual Layer 2 (Ethernet) network overlaid in a Layer 3 (IP/UDP) network. The &man.vxlan.4; driver is analogous to &man.vlan.4;, but is designed to be better suited for large, multiple-tenant datacenter environments. The &man.gre.4; driver has been significantly overhauled, and has been split into two separate modules, &man.gre.4; and &man.me.4;. The &man.ral.4; driver has been updated to support the RT5390 and RT5392 chipsets. The &man.sfxge.4; driver has been updated to support Solarflare Flareon Ultra 7000-series chipsets. The &man.em.4; driver has been updated with improved transmission queue hang detection. The &man.cdce.4; driver has been updated to include support for the RTL8153 chipset. The &man.iwm.4; driver has been imported from OpenBSD, providing support for &intel; 3160/7260/7265 wireless chipsets. The &man.em.4; driver has been updated to allow disabling CRC stripping. The &man.pf.4; implementation has been updated to remove support for the scrub fragment crop|drop-ovl filtering rule. Systems with this rule in &man.pf.conf.5; will implicitly be converted to the scrub fragment reassemble filtering rule, without necessary intervention. The &man.lagg.4; driver has been updated to remove support for the fec protocol. + + netmap + support from the ncxgbe/ncxl interfaces has been merged into the + vcxgbe/vcxl interfaces for the &man.cxgbe.4; driver. + Hardware Support This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document. Hardware Support The &man.asmc.4; driver has been updated to support the &apple; MacMini 3,1. Support for &os;/ia64 has been dropped as of &os; 11. An issue that could cause a system to hang when entering ACPI S3 state (suspend to RAM) has been corrected in the &man.acpi.4; and &man.pci.4; drivers. The power management unit subsystem has been updated to support power button events on certain &arch.powerpc; hardware, such as aluminum PowerBook ®. The &man.hwpmc.4; driver has been updated to correct performance counter sampling on G4 (MPC74xxx) and G5 class processors. The OpenCrypto framework has been updated to include AES-ICM and AES-GCM modes, both of which have also been added to the &man.aesni.4; driver. The &man.hwpmc.4; driver has been updated to support the Freescale e500 core. The &man.ig4.4; driver has been added, providing support for the fourth generation &intel; I2C SMBus. The &man.uart.4; driver has been updated to support AMT devices on newer systems. Initial SMP support has been added to the &os;/&arch.arm64; port. Virtualization Support Support for the Virtual Interrupt Delivery feature of &intel; VT-x is enabled if supported by the CPU. This feature can be disabled by running sysctl hw.vmm.vmx.use_apic_vid=0. Additionally, to persist this setting across reboots, add hw.vmm.vmx.use_apic_vid=0 to /etc/sysctl.conf. Support for Posted Interrupt Processing is enabled if supported by the CPU. This feature can be disabled by running sysctl hw.vmm.vmx.use_apic_pir=0. Additionally, to persist this setting across reboots, add hw.vmm.vmx.use_apic_pir=0 to /etc/sysctl.conf. Unmapped IO support has been added to &man.virtio_blk.4;. Unmapped IO support has been added to &man.virtio_scsi.4;. The &man.virtio_random.4; driver has been added to harvest entropy from the host system. &os;/&arch.i386; guests can be run under bhyve. Support for running a &os;/&arch.amd64; Xen guest instance as PVH guest has been added. PVH mode, short for Para-Virtualized Hardware, uses para-virtualized drivers for boot and I/O, and uses hardware virtualization extensions for all other tasks, without the need for emulation. The &man.bhyve.8; hypervisor has been updated to support &amd; processors with SVM and AMD-V hardware extensions. The &man.virtio.console.4; driver has been added, which provides an interface to VirtIO console devices through a &man.tty.4; device. The &man.bhyve.8; hypervisor has been updated to support DSM TRIM commands for virtual AHCI disks. Native graphics support has been added to the &man.bhyve.8; hypervisor. Support for the QEMU virt system has been added. The Hyper-V™ drivers have been updated with several enhancements: The &man.hv.vmbus.4; driver now has multi-channel support. The &man.hv.storvsc.4; driver now has scatter/gather support, in addition to performance improvements. The &man.hv.kvp.4; driver has received several bug fixes. Support for &man.xen.4; para-virtualized domU kernels has been removed. The &man.hv.netvsc.4; driver has been updated to support checksum offloading and TSO. The &man.xen.4; driver has been updated to include support for blkif indirect segment I/O. ARM Support The &man.nand.4; device is enabled for ARM devices by default. Support for the Exynos 5420 Octa system has been added. The SMP option has been enabled for all Exynos 5 systems supported by &os;. Support for the Toradex Apalis i.MX6 development board has been added. An issue that could cause instability when detecting SD cards on the Raspberry Pi SOC has been fixed. The bcm2835_cpufreq driver has been added, which supports CPU frequency and voltage control on the Raspberry Pi SOC. Support to turn off the BeagleBone Black system with the &man.shutdown.8; -p flag or by invoking &man.poweroff.8; has been added. Audio transmission drivers have been added for Digital Audio Multiplexer (AUDMUXM), Smart Direct Memory Access Controller (SDMA), and Syncronous Serial Interface (SSI). Initial support for the ARM AArch64 architecture has been added. Kernel support for Thumb-2 userland has been added. Support for the hardware power button on the BeagleBone Black system has been added. Initial ACPI support has been added for &os;/&arch.arm64;. Support for 1-Wire devices has been added, providing support for 1-Wire hardware through &man.gpio.4;. See &man.ow.4;, &man.owc.4;, and &man.ow.temp.4; for more information. Support for the HiSilicon HI6220 SoC has been added. The second CPU core on Allwinner A20 SoC have been enabled. Support for the Allwinner H3 SoC has been added. Support for X-Powers AXP813 and AXP818 power management integrated circuits have been added. Support for GPIO, Sensors and interrupts on AXP209 power management integrated circuits have been added. Storage This section covers changes and additions to file systems and other storage subsystems, both local and networked. General Storage The &man.ctl.4; LUN mapping has been rewritten, replacing iSCSI-specific mapping mechanisms with a new mechanism that works for any port. The &man.ctld.8; utility has been updated to allow controlling non-iSCSI &man.ctl.4; ports. The &man.autofs.5; subsystem has been updated to include a new &man.auto.master.5; map, -media, which allows automatically mounting removable media, such as CD drives or USB flash drives. The &man.autofs.5; subsystem has been updated to include a new &man.auto.master.5; map, -noauto, which handles &man.fstab.5; entries set to noauto. The GELI class has been updated to support the BIO_DELETE &man.g.bio.9; bio_cmd field, providing TRIM/UNMAP support on GELI-backed SSD storage providers. Leading spaces are now stripped off SCSI disk serial numbers when populating the CAM serial number. This affects the output of &man.diskinfo.8; and the names of /dev/diskid/DISK-* device nodes, among other things. Support for managing Shingled Magnetic Recording (SMR) drives has been added. Networked Storage The new filesystem automount facility, &man.autofs.5;, has been added. The new &man.autofs.5; facility is similar to that found in other &unix;-like operating systems, such as OS X™ and Solaris™. The &man.autofs.5; facility uses a &sun;-compatible &man.auto.master.5; configuration file, and is administered with the &man.automount.8; userland utility, and the &man.automountd.8; and &man.autounmountd.8; daemons. Support for the timeo, actimeo, noac, and proto options have been added to &man.mount.nfs.8;. ZFS The arc_meta_limit statistics are now visible through the kstat &man.sysctl.8;. As a result of this change, the vfs.zfs.arc_meta_used &man.sysctl.8; has been removed, and replaced with the kstat.zfs.misc.arcstats.arc_meta_used &man.sysctl.8;. The &man.zfs.8; l2arc code has been updated to take ashift into account when gathering buffers to be written to the l2arc device. The zfsd daemon has been added, which manages hotspares and replements in drive slots that publish physical paths. &man.geom.4; Support for the disklabel64 partitioning scheme has been added to &man.gpart.8;. Support for the apple-boot, apple-hfs, and apple-ufs MBR partitioning schemes have been added to &man.gpart.8;. The &man.gpart.8; utility has been updated to include a new attribute for GPT partitions, lenovofix, which when set, which works around BIOS compatibility issues reported on several Lenovo ™ laptops. Boot Loader Changes This section covers the boot loader, boot menu, and other boot-related changes. Boot Loader Changes The memory test run at boot time on &os;/&arch.amd64; platforms has been disabled by default. A new &man.ttys.5; class, 3wire, has been added. This is similar to the existing terminal classes, but does not have a defined baudrate. The &man.vt.4; driver has been made the default system console driver. The &man.syscons.4; driver is still available, and can be enabled by adding kern.vty=sc in &man.loader.conf.5;. Alternatively, &man.syscons.4; can be enabled at boot time by entering set kern.vty=sc at the &man.loader.8; prompt. Support for bzipfs has been added to the EFI loader. The boot loader has been updated to support entering the GELI passphrase before loading the kernel. To enable this behavior, add geom_eli_passphrase_prompt="YES" to &man.loader.conf.5;. The &man.ttys.5; file for &os;/&arch.arm; has been updated to enable ttyu1, ttyu2, and ttyu3 by default, if the callin port is an active console port. Boot Menu Changes   Networking This section describes changes that affect networking in &os;. Network Protocols Support for the IPX network transport protocol has been removed, and will not be supported in &os; 11 and later releases. Support for PLPMTUD blackhole detection (RFC 4821) has been added to the &man.tcp.4; stack, disabled by default. New control tunables have been added: Tunable Description net.inet.tcp.pmtud_blackhole_detection Enables or disables PLPMTUD blackhole detection net.inet.tcp.pmtud_blackhole_mss MSS to try for IPv4 net.inet.tcp.v6pmtud_blackhole_mss MSS to try for IPv6 New monitoring &man.sysctl.8;s haven been added: Tunable Description net.inet.tcp.pmtud_blackhole_activated Number of times the code was activated to attempt downshifting the MSS net.inet.tcp.pmtud_blackhole_min_activated Number of times the blackhole MSS was used in an attempt to downshift net.inet.tcp.pmtud_blackhole_failed Number of times that the blackhole failed to connect after downshifting the MSS Support for IP identification for atomic datagrams (RFC 6864) has been added. Support for this feature can be toggled with the net.inet.ip.rfc6864 &man.sysctl.8;, which is enabled by default. The IPSEC has been updated to include support for AES modes on both software-only and hardware-backed (&man.aesni.4;) systems. The network stack has been updated to fix handling of IPv6 On-Link redirects. The net.inet.tcp.ecn.enable sysctl mib has been changed from a binary off/on control to a three way setting. Value Description 0 Totally disable ECN. 1 Enable ECN if incoming connections request it. Outgoing connections will request ECN. 2 Enable ECN if incoming connections request it. Outgoing conections will not request ECN. Dummynet AQM, an independent implementation of CoDel and FQ-CoDel for ipfw/dummynet has been imported to the base system. Ports Collection and Package Infrastructure This section covers changes to the &os; Ports Collection, package infrastructure, and package maintenance and installation tools. Infrastructure Changes   Packaging Changes   Documentation This section covers changes to the &os; Documentation Project sources and toolchain. Documentation Source Changes   Documentation Toolchain Changes   Release Engineering and Integration This section convers changes that are specific to the &os; Release Engineering processes. Integration Changes The Release Engineering build tools have been updated to include support for producing virtual machine disk images for various cloud hosting providers. The Release Engineering build tools have been updated to use multi-threaded &man.xz.1;. By default, the number of &man.xz.1; threads is set to the number of cores available. The Release Engineering build tools have been updated to include support for building &os;/&arch.arm64; virtual machine and memory stick installation images. The Release Engineering build tools have been updated to support building &os;/&arch.arm; images without external utilities for supported boards where a corresponding u-boot port exists in the Ports Collection. The &os;/&arch.i386; memory stick installation images are now created using the &man.mkimg.1; utility, matching the way the &os;/&arch.amd64; images are created.