FreeBSD/amd64 6.2-RELEASE Release Notes
The FreeBSD Project
Copyright © 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 The FreeBSD Documentation Project
1.8126.96.36.199.7 2007/01/11 19:53:37 bmah Exp $
FreeBSD is a registered trademark of the FreeBSD Foundation.
IBM, AIX, EtherJet, Netfinity, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.
IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.
Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Sparc, Sparc64, SPARCEngine, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. Products bearing SPARC trademarks are based upon architecture developed by Sun Microsystems, Inc.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the “™” or the “®” symbol.
The release notes for FreeBSD 6.2-RELEASE contain a summary of the changes made to the FreeBSD base system on the 6.2-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
- Table of Contents
- 1 Introduction
- 2 What's New
- 2.1 Security Advisories
- 2.2 Kernel Changes
- 2.3 Userland Changes
- 2.3.1 /etc/rc.d Scripts
- 2.4 Contributed Software
- 2.5 Ports/Packages Collection Infrastructure
- 2.6 Release Engineering and Integration
- 2.7 Documentation
- 3 Upgrading from previous releases of FreeBSD
This document contains the release notes for FreeBSD 6.2-RELEASE on the AMD64 hardware platform. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.
This distribution of FreeBSD 6.2-RELEASE is a release distribution. It can be found at http://www.FreeBSD.org/snapshots/ or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the “Obtaining FreeBSD” appendix to the FreeBSD Handbook.
All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with “late-breaking” information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 6.2-RELEASE can be found on the FreeBSD Web site.
This section describes the most user-visible new or changed features in FreeBSD since 6.1-RELEASE.
Typical release note items document recent security advisories issued after 6.1-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.
A bug in the smbfs file system, which could allow an attacker to escape out of chroot(2) environments on an smbfs mounted filesystem, has been fixed. For more details, see security advisory FreeBSD-SA-06:16.smbfs.
A potential denial of service problem in sendmail(8) caused by excessive recursion which leads to stack exhaustion when attempting delivery of a malformed MIME message, has been fixed. For more details, see security advisory FreeBSD-SA-06:17.sendmail.
An OpenSSL bug related to validation of PKCS#1 v1.5 signatures has been fixed. For more details, see security advisory FreeBSD-SA-06:19.openssl.
Several programming errors have been fixed in gzip(1). They could have the effect of causing a crash or an infinite loop when decompressing files. More information can be found in security advisory FreeBSD-SA-06:21.gzip.
Several vulnerabilities have been fixed in OpenSSH. More details can be found in security advisory FreeBSD-SA-06:22.openssh.
A bug that could allow users in the operator group to read parts of kernel memory has been corrected. For more details, consult security advisory FreeBSD-SA-06:25.kmem.
A bug in the jail startup script that could permit privilege escalation via a symlink attack has been fixed. More information is available in FreeBSD-SA-07:01.jail.
Security event auditing is now supported in the FreeBSD kernel, and is enabled by the AUDIT kernel configuration option. More information can be found in the audit(4) manual page.
Instead of including all of physical memory in a kernel crash
dump, the kernel now defaults to dumping only pages that are
actively mapped into kernel virtual memory. This functionality
requires that the new
sysctl variable be set to 1.
Several workarounds for bugs in the tty(4) layer have been added; these changes prevent a variety of observed kernel panics.
A bug has been fixed in the statistics-keeping code in the kernel's UMA memory allocator. This caused a count of memory allocation failures (as shown by netstat -m) to increase erroneously.
FreeBSD now runs on the Xbox, whose architecture is nearly identical to the i386. For details of the latest development, see http://www.FreeBSD.org/platforms/xbox.html.
The amdsmb(4) driver has been added. It provides support for the AMD-8111 SMBus 2.0 controller.
ipmi(4), an OpenIPMI compatible driver, has been added. OpenIPMI (Intelligent Platform Management Interface) is an open standard designed to enable remote monitoring and control of server, networking and telecommunication platforms.
The nfsmb(4) driver, which supports the NVIDIA nForce 2/3/4 SMBus 2.0 controller, has been added.
The ath(4) driver has been updated to HAL version 0.9.17.2.
Some improvements have been made to the bce(4) driver to improve its stability. One user-visible aspect of these changes is that transmit-side checksum offload involving IP fragments has been disabled, because it was not handled correctly by the hardware.
The em(4) driver has been updated to version 6.2.9 from Intel. Among other changes, it adds support for a number of new adapters. Compiling the driver with the EM_FAST_INTR preprocesor symbol defined will enable optional “fast interrupt” processing. “Fast interrupt” processing, as implemented in this version of the driver, has been shown to yield significant performance improvements in some cases, but has been linked to stability issues in other cases.
A number of improvements and bugfixes have been made to the functionality of the iwi(4) driver. This driver now requires the firmware image in the net/iwi-firmware-kmod port/package; prior versions of this driver used the net/iwi-firmware port/package.
The sk(4) driver is now MPSAFE.
The stge(4) driver has been added. It supports the Sundance/Tamarack TC9021 Gigabit Ethernet controller and was ported from NetBSD.
Multiple copies of a packet received via different bpf(4) listeners now all have identical timestamps.
The enc(4) IPsec filtering pseudo-device has been added. It allows firewall packages using the pfil(9) framework to examine (and filter) IPsec traffic before outbound encryption and after inbound decryption.
The sysctl variables
be used with IPv6 now.
The IPFIREWALL_FORWARD_EXTENDED kernel option has been removed. This option was used to permit ipfw(4) to redirect packets with local destinations. This behavior is now always enabled when the IPFIREWALL_FORWARD kernel option is enabled.
The ipfw(4) packet filter now supports tag and untag rule keywords. When a packet matches a rule with the tag keyword, the numeric tag for the given number in the range from 0 to 65535 will be attached to the packet. The tag acts as an internal marker (it is not sent out over the wire) that can be used to identify these packets later on, for example, by using tagged rule option. For more details, see ipfw(8).
The ng_ether(4) Netgraph node no longer overwrites the MAC address of outgoing frames by default.
The ng_tag(4) Netgraph node has been added to support the manipulation of mbuf tags attached to data in the kernel.
FreeBSD 6.1-RELEASE contained a bug in the IPv6 implementation, which caused spurious error messages to be printed for point-to-point interfaces. This problem has been corrected.
IPv6 link-local addresses are now enabled only if
ipv6_enable is set in
A bug that prevented carp(4) from working correctly in some IPv6 environments has been fixed.
The arcmsr(4) driver has been updated to version 1.20.00.13.
The ata(4) driver now supports USB mass storage class devices. To enable it, a line device atausb in the kernel configuration file or loading the atausb kernel module is needed. Note that this functionality cannot coexist with the umass(4) driver.
The ata(4) driver has been updated to reflect the version in FreeBSD CURRENT.
geli(8) is now able to perform
data integrity verification (data authentication) of encrypted data
stored on disk. Note that the encryption algorithm is now specified
geli(8) control program using the
-e option; the
-a option is now used to specify the authentication
The isp(4) driver has been updated to reflect the version in FreeBSD CURRENT.
Several bugs related to locking have been fixed in devfs(5). These fixes prevent several observed deadlock conditions.
The linsysfs(5) pseudo-filesystem driver has been added. It provides a subset of the Linux sys filesystem, and is required for the correct operation of some Linux binaries (such as the LSI MegaRAID SAS utility).
A deadlock observed when both quotas and snapshots were in use on a file system on FreeBSD 6.1-RELEASE has been corrected.
A performance regression with NFS servers running FreeBSD 6.1-RELEASE, caused by a leak of the Giant kernel lock, has been fixed.
cp(1) utility now supports a
-l option, which causes it to create
hardlinks to the source files instead of copying them.
The csup(1) utility has been imported. This is an implementation of a CVSup-compatible client written in the C language. Note that it currently supports checkout mode only.
The dhclient(8) program now sends the host's name in DHCP requests if it is not specified in the configuration file.
du(1) program now supports a
-n flag, which causes it to ignore
files and directories with the nodump flag
find(1) program now supports
-Btime and other related primaries,
which can be used to create expressions based on a file's creation
The freebsd-update(8) utility, a tool for managing binary updates to the FreeBSD base system, has been added.
The fsdb(8) utility now supports changing the birth time of files on UFS2 file systems using the new btime command.
The fsdb(8) program now supports a findblk command, which finds the inode(s) owning a specific disk block.
id(1) utility now supports a
-A flag to print process audit
properties, including the audit user id.
iostat(8) utility now supports a
-x flag (inspired by Solaris) to print
extended disk statistics. If the new
flag is also specified, no output is made for disks with no
jail(8) program now supports a
-s option to specify a jail's
jexec(8) utility now supports
flags to specify username credentials under which a command should
logger(1) utility now supports a
-P, which specifies the port to which
syslog messages should be sent.
ls(1) utility now supports an
-U flag to use the file creation time
ping(8) command now supports a
-W option to specify the maximum time
to wait for an echo reply.
The pkill(1) utility (also known as pgrep(1)) has been moved from /usr/bin to /bin so that it can be used by startup scripts. Symbolic links from its former location have been created for backward compatibliity.
An extensible implementation of
printf(3), compatible with GLIBC,
has been added to libc. It is only used
if the environment variable
USE_XPRINTF is defined, one of the extension
functions is called, or the global variable
__use_xprintf is set to a value greater than
0. Five extensions are currently
supported: %H (hex dump), %T (
time-related structures), %M (errno
message), %Q (double-quoted, escaped
string), %V (
The DNS resolver library in FreeBSD's libc has been updated to that from BIND 9.3.3.
tail(1) utility now supports a
-q flag to suppress header lines when
multiple files are specified.
traceroute(8) program now
-D flag, which causes it to
display the differences between the sent and received packets.
traceroute(8) utility now
-e option, which sets a
fixed destination port for probe packets. This can be useful for
tracing behind packet-filtering firewalls.
traceroute(8) now decodes the complete set of ICMP unreachable messages in its output.
The compiler toolchain is now capable of generating executables for systems using the ARM processor.
BIND has been updated from 9.3.1 to 9.3.3.
GCC has been updated from 3.4.4 to 3.4.6.
IPFilter has been updated from 4.1.8 to 4.1.13.
less has been updated from v381 to v394.
libpcap has been updated from 0.9.1 to 0.9.4.
lukemftpd has been updated from a snapshot from NetBSD as of 9 August 2004 to a snapshot from NetBSD as of 31 August 2006.
netcat has been updated from the version in a 4 February 2005 OpenBSD snapshot to the version included in OpenBSD 3.9.
OpenSSH has been updated from 4.2p1 to 4.5p1.
sendmail has been updated from 8.13.6 to 8.13.8.
tcpdump has been updated from 3.9.1 to 3.9.4.
The timezone database has been updated from the tzdata2005r release to the tzdata2006g release.
TrustedBSD OpenBSM, version 1.0 alpha 12, an implementation of the documented Sun Basic Security Module (BSM) Audit API and file format, as well as local extensions to support the Mac OS X and FreeBSD operating systems has been added. This also includes command line tools for audit trail reduction and conversion to text, as well as documentation of the commands, file format, and APIs. For this functionality, the AUDIT kernel option, /var/audit directory, and audit group have been added.
zlib has been updated from version 1.2.2 to version 1.2.3.
pkg_add(1) now supports an
-F flag to disable checking whether the
same package is already installed or not.
The sysinstall(8) utility now displays the running FreeBSD version in menu titles.
The sysinstall(8) program contained a bug that could prevent it from installing a kernel if no distribution was explicitly selected at install-time. This bug has now been fixed.
A bug in sysinstall(8) that sometimes prevented package installs from multiple CDROM volumes has been fixed.
A /media directory has been added to contain mount points for removable media such as CDROMs, floppy disks, USB drives, and so on.
The supported version of the GNOME desktop environment (x11/gnome2) has been updated from 2.12.3 to 2.16.1. As a part of this update, the default prefix for GNOME (and some related programs) has moved from /usr/X11R6 to /usr/local. This version of GNOME also adds support for the Hardware Abstraction Layer (HAL), which provides features such as auto-mounting removable media, auto-playing CDs, and more integrated power control.
The supported version of the KDE desktop environment (x11/kde3) has been updated from 3.5.1 to 3.5.4.
The supported Linux emulation now uses the libraries in the emulators/linux_base-fc4 package.
Source upgrades to FreeBSD 6.2-RELEASE are only supported from FreeBSD 5.3-RELEASE or later. Users of older systems wanting to upgrade 6.2-RELEASE will need to update to FreeBSD 5.3 or newer first, then to FreeBSD 6.2-RELEASE.
Important: Upgrading FreeBSD should, of course, only be attempted after backing up all data and configuration files.
This file, and other release-related documents, can be downloaded from http://www.FreeBSD.org/snapshots/.
All users of FreeBSD 6.2-STABLE should subscribe to the <stable@FreeBSD.org> mailing list.
For questions about this documentation, e-mail <doc@FreeBSD.org>.