Index: stable/11/release/doc/en_US.ISO8859-1/relnotes/article.xml =================================================================== --- stable/11/release/doc/en_US.ISO8859-1/relnotes/article.xml (revision 319888) +++ stable/11/release/doc/en_US.ISO8859-1/relnotes/article.xml (revision 319889) @@ -1,941 +1,944 @@ %release; %sponsor; %vendor; ]>
&os; &release.current; Release Notes The &os; Project $FreeBSD$ 2017 The &os; Documentation Project &tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general; The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system on the &release.branch; development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented. Introduction This document contains the release notes for &os; &release.current;. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;. The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Information regarding pre-built, binary &release.type; distributions along this branch can be found at &release.url;. The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at &release.url;. This distribution of &os; &release.current; is a &release.type; distribution. It can be found at &release.url; or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook. All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site. This document describes the most user-visible new or changed features in &os; since &release.prev;. In general, changes described here are unique to the &release.branch; branch unless specifically marked as &merged; features. Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. Upgrading from Previous Releases of &os; Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the &man.freebsd-update.8; utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official &os; release. The &man.freebsd-update.8; utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the &os; base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING. Upgrading &os; should only be attempted after backing up all data and configuration files. Security and Errata This section lists the various Security Advisories and Errata Notices since &release.prev;. Security Advisories &security; Errata Notices &errata; Userland This section covers changes and additions to userland applications, contributed software, and system utilities. Userland Configuration Changes The &man.inetd.8; utility is now built without libwrap support when WITHOUT_TCP_WRAPPERS is set in &man.src.conf.5;. The &man.libthr.3; library and related files are now evaluated and removed by the delete-old-libs target when upgrading the system if WITHOUT_LIBTHR is set in &man.src.conf.5;. The WITH_LLD_AS_LD build knob has been added, which installs LLD as /usr/bin/ld if set. LLD has been enabled by default and installed as /usr/bin/ld on &os;/&arch.arm64;. The WITH_RPCBIND_WARMSTART_SUPPORT &man.src.conf.5; knob has been added, which when enabled allows building &man.rpcbind.8; with warmstart support. Userland Application Changes Support for &man.blacklistd.8; has been added to OpenSSH. The &man.bspatch.1; utility has been updated with &man.capsicum.4; support. The &man.cron.8; utility has been updated to add support for including files within /etc/cron.d and /usr/local/etc/cron.d by default. The &man.syslogd.8; utility has been updated to add the include keyword which allows specifying a directory containing configuration files to be included in addition to &man.syslog.conf.5;. The default &man.syslog.conf.5; has been updated to include /etc/syslog.d and /usr/local/etc/syslog.d by default. The &man.zfsbootcfg.8; utility has been added, providing one-time &man.boot.config.5;-style options for &man.zfsboot.8;. The &man.setkey.8; utility has been modified to show the runtime NAT-T configuration. The -g and -t flags have been added, which list only global and virtual policies, respectively, when used with the -D and -P flags. The &man.getaddrinfo.1; utility has been added, ported from NetBSD. The &man.jail.8; utility has been updated to allow explicitly-assigned IPv4 and IPv6 addresses to be used within a jail. The &man.daemon.8; utility has been updated to allow redirecting &man.stdout.4; and &man.stderr.4; output to &man.syslog.3; or to a file. The &man.efivar.8; utility has been added, providing an interface to manage UEFI variables. The &man.cxgbetool.8; utility has been added, providing command-line access to features and debugging facilities of &man.cxgbe.4; devices. Contributed Software &man.readelf.1; has been updated to report &arch.arm; program and section header types. The ELF Tool Chain has been updated to upstream revision r3490. &man.groff.1; has been updated to use the changelog date rather than file modification date in manual pages for build reproducibility. &man.groff.1; is planned to be deprecated effective &os; 12.0-RELEASE. &man.unbound.8; has been updated to version 1.5.10. &man.strings.1; has been updated to fix the exit status when multiple files are provided as arguments, and an error is encountered before the last file. &man.makewhatis.1; has been updated to produce build-reproducible output. Subversion has been updated to version 1.9.5. &man.file.1; has been updated to version 5.29. The &man.amd.8; utility has been updated to version 6.2. The CLDR locales have been updated to version 30.0.3. The unicode locales have been updated to version 9.0.0. &man.xz.1; has been updated to version 5.2.3. &man.tcpdump.1; has been updated to version 4.9.0. &man.zlib.3; has been updated to version 1.2.11. openresolv has been updated to version 3.9.0. The NetBSD test suite has been updated to the 01.11.2017_23.20 snapshot. libucl has been updated to version 20170219. &man.libarchive.3; has been updated to version 3.3.1. &man.dma.8; has been updated to the 2017-02-10 snapshot. &man.ntpd.8; has been updated to version 4.2.8p10. ACPICA has been updated to version 20170303. Timezone data files have been updated to version 2017b. &man.mandoc.1; has been updated to version 1.14. Clang has been updated to version 4.0.0. LLVM has been updated to version 4.0.0. LLD has been updated to version 4.0.0. LLDB has been updated to version 4.0.0. compiler-rt has been updated to version 4.0.0. libc++ has been updated to version 4.0.0. &man.tcsh.1; has been updated to version 6.20.00. &man.blacklistd.8; has been updated to the 20170503 snapshot. &man.blacklistd.8; support for OpenSSH has been refined to adjust notification points to catch all authentication failures rather than only those caused by invalid login usernames. &man.byacc.1; has been updated to version 20170201. + + bmake has + been updated to version 20170510. Installation and Configuration Tools The installer, &man.bsdinstall.8;, has been updated to include support for hidden wireless networks when configuring the &man.wlan.4; interface. <filename class="directory">/etc/rc.d</filename> Scripts The jail_confwarn &man.rc.conf.5; entry has been added, which suppresses warnings about obsolete per-&man.jail.8; configurations. <filename class="directory">/etc/periodic</filename> Scripts The default &man.periodic.conf.5; has been updated to include the anticongestion_sleeptime option, consolidating random sleeps in &man.periodic.8; scripts and replacing the daily_ntpd_avoid_congestion option. The default value is 3600 seconds. The 410.status-mfi &man.periodic.8; script has been added to monitor the status of &man.mfi.4; volumes. Runtime Libraries and API The libmd library has been updated to introduce functions that operate on &man.fd.4; instead of filename. The &man.kvm.close.3; function has been updated to return the accumulated error from previous &man.close.2; calls. The C standard library has been updated to make use of &man.reallocarray.3; for bounds checking. The clock_nanosleep() system call has been added. The nanosleep() system call is now a wrapper around clock_nanosleep(). The system libraries have been updated to make use of &man.reallocarray.3; for bounds checking. ABI Compatibility The type max_align_t is now defined for C11 compliance. The sem_clockwait_np() library function has been added, which allows the caller to specify the reference clock and choose between absolute and relative mode. The clang nullability qualifiers have been added to the C library headers. Uses of the GNU __nonnull__ attribute have been replaced with the more benign Clang nullability attributes. Userland Debugging &man.ptrace.2; now supports events for &man.vfork.2;, permitting reliable debugging across &man.vfork.2; invocations. Process core dumps now include the process ID (PID) and command line arguments. Kernel This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized. General Kernel Changes The &man.getdtablesize.2; system call is now permitted in capability mode. The kern.proc.nfds &man.sysctl.8; is now permitted in capability mode. The sys/conf/newvers.sh script has been updated with an option to exclude build-specific metadata from the kernel for build reproducibility. Kernel Bug Fixes The &man.ipf.4; packet filter has been updated to prevent keep state from incorrectly implying keep frags, matching the behavior documented in &man.ipf.5;. Kernel Configuration The WITH_REPRODUCIBLE_BUILD &man.src.conf.5; knob has been added, which when set, excludes build-specific metadata from the kernel, for build reproducibility. Support for NAT-T is now enabled by default. The IPSEC_NAT_T kernel configuration option has been removed. The IPSEC_FILTERTUNNEL kernel option has been removed, which was deprecated by the net.inet.ipsec.filtertunnel sysctl. The EARLY_AP_STARTUP option has been enabled by default on &arch.amd64; and &arch.i386; architectures, which when enabled releases Application Processors (APs) earlier in the kernel startup process. Kernel Modules &man.cloudabi.4; has been updated to allow running 32-bit binaries within 64-bit userland environments when the kernel configuration file has the COMPAT_CLOUDABI32 option present. The ipsec and tcpmd5 kernel modules have been added. Following the addition of the tcpmd5 module, it is now necessary to have a security association (SA) entry for both inbound and outbound directions. The &man.ipfw.4; packet filter has been updated to add support for named dynamic states. The ipfw_nptv6 kernel module has been added, implementing Network Prefix Translation for IPv6 as defined in RFC 6296. The ipfw_nat64 kernel module has been added, implementing stateless and stateful NAT64. The &man.cfumass.4; device has been added, providing a storage frontend to USB OTG-capable hardware. The ipfw_pmod kernel module has been added, designed for modifying packets of any protocol. At present, only TCP MSS modification is implemented. System Tuning and Controls The vfs.root_mount_always_wait tunable has been added, which forces the kernel to wait for root mount holds even if the root device is already present. When the system real time clock (RTC) is adjusted, such as by clock_settime(), sleeping threads are now awakened and absolute sleep times are reevaluated based on the new value of the RTC. Devices and Drivers This section covers changes and additions to devices and device drivers since &release.prev;. Device Drivers The &man.jedec.ts.4; driver has been added, providing support for thermal sensors on memory modules. The driver currently supports chips that are fully compliant with the JEDEC JC 42.4 specification. The &man.chromebook.platform.4; driver has been added, providing support for various Chromebook models. The &man.bytgpio.4; driver has been added, providing support for Intel® Bay Trail™ SoC GPIO controllers. /dev/kmem no longer supports access via mmap(). Consumers wishing to use /dev/kmem must use read() and write(). &man.devctl.8; now supports a "clear driver" command as a complement to "set driver". Storage Drivers The &man.mpr.4; driver has been updated to support tri-mode (SAS/SATA/PCIe) Broadcom® storage adapters. Network Drivers The &man.cxgbe.4; driver has been updated to provide support for Virtual Function devices (VFs) on Chelsio T4 and T5 adapters. TCP connections using the TCP Offload Engine (TOE) on Chelsio T4+ adapters can now perform zero-copy sends via aio_write(). The &man.cxgbev.4; driver has been added, providing support for Virtual Function devices (VFs) on Chelsio T4 and T5 adapters. The &man.bnxt.4; driver has been added, providing support for Broadcom® NetXtreme-C™ and NetXtreme-E™ devices. The &man.cxgbe.4; driver now supports devices using T6-based adapters which support 10, 25, 40, and 100 Gbps. The &man.cxgbe.4; driver has been updated to provide support for Virtual Function devices (VFs) on Chelsio T6 adapters. The &man.cxgbev.4; driver has been updated to provide support for Virtual Function devices (VFs) on Chelsio T6 adapters. The &man.miibus.4; driver has been updated to support Microchip/Micrel KSZ9031 Gigabit ethernet cards. The &man.alc.4; driver has been updated to provide support for Atheros® Killer E2400™ Gigabit ethernet cards. The &man.alc.4; driver has been updated to provide support for Atheros® Killer E2500™ Gigabit ethernet cards. The &man.etherswitch.4; driver has been updated to support RTL8366RB and RTL8366SR cards. The &man.if.ipsec.4; virtual tunneling interface has been added, implementing route-based VPNs protected with Encapsulating Security Payload (ESP). The &man.qlnxe.4; driver has been added, providing support for Cavium® Qlogic™ 45000 Series adapters. The &man.qlxgbe.4; firmware has been updated to version 5.4.64. The &man.ixl.4; driver has been updated to version 1.7.12-k. The &man.cxgbe.4; driver has been updated to firmware version 1.16.45.0 for T4, T5, and T6 cards. Hardware Support This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document. Hardware Support The &man.atkbdc.4; driver has been updated to provide support for Elantech® trackpads. To enable hardware support, add hw.psm.elantech_support=1 to &man.loader.conf.5;. Virtualization Support PCI passthrough with &man.bhyve.4; supports more dynamic configurations permitting devices to be marked for passthrough or host use at runtime. PCI passthrough with &man.bhyve.4; resets functions via FLR when a virtual machine is started and stopped. PCI passthrough support has been enabled on &os; virtual machines running on Microsoft® Hyper-V™. The &man.hv.netvsc.4; driver SR-IOV implementation has been updated to support Virtual Function (VF) devices, such as the Mellanox® Connect-X3™ network card. Support for Microsoft® Hyper-V™ Generation 2 virtual machines has been added. Support for synthetic keyboards has been added for virtual machines running on Microsoft® Hyper-V™. The &os; virtual machines provided on Amazon® EC2™ now enable IPv6 by default. ARM Support Support for the Allwinner A13 board has been added. Storage This section covers changes and additions to file systems and other storage subsystems, both local and networked. General Storage   Networked Storage The NFS client now properly handles NFS4ERR_BAD_SESSION errors received from an NFS server. Additionally, the kernel RPC client has been updated to prevent creating new TCP connections when ERESTART is received from &man.sosend.9;. The NFS client now supports the Amazon® Elastic File System™ (EFS). ZFS The vfs.zfs.debug_flags &man.sysctl.8; has been deprecated in favor of vfs.zfs.debugflags. Additionally, vfs.zfs.debugflags can now be configured in &man.loader.conf.5;, whereas vfs.zfs.debug_flags could not. <literal>geom(4)</literal>   Boot Loader Changes This section covers the boot loader, boot menu, and other boot-related changes. Boot Loader Changes The UEFI boot loader has been updated for build reproducibility. The EFI loader has been updated to support TFTPFS, providing netboot support without requiring an NFS server. Boot Menu Changes   Networking This section describes changes that affect networking in &os;. General Network Changes The network stack has been updated to include ip6_tryforward(), providing performance benefits as result of a reduced number of checks. The network stack has been modified to fix incorrect or invalid IP addresses if multiple threads emit a UDP log_in_vain message concurrently. The TCP stack has been changed to use the estimated RTT instead of timestamps for receive buffer auto resizing. Network Protocols Support for GARP (gratuitous ARP) retransmit has been added. A new &man.sysctl.8;, net.link.ether.inet.garp_rexmit_count, has been added, which sets the maximum number of retransmissions when set to a non-zero value. Support for the UDP_ENCAP_ESPINUDP_NON_IKE encapsulation type has been removed. Ports Collection and Package Infrastructure This section covers changes to the &os; Ports Collection, package infrastructure, and package maintenance and installation tools. Infrastructure Changes   Packaging Changes   Documentation This section covers changes to the &os; Documentation Project sources and toolchain. Documentation Source Changes   Documentation Toolchain Changes   Release Engineering and Integration This section convers changes that are specific to the &os; Release Engineering processes. Integration Changes