aboutsummaryrefslogtreecommitdiff
path: root/UPDATING
blob: 844e7f0012f76f225e3d3136a85bd192cca4af02 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
Updating Information for FreeBSD STABLE users

This file is maintained and copyrighted by M. Warner Losh
<imp@village.org>.  See end of file for further details.  For commonly
done items, please see the COMMON ITEMS: section later in the file.

Items affecting the ports and packages system can be found in
/usr/ports/UPDATING.  Please read that file before running
portupgrade.

20101129:	p16	FreeBSD-SA-10:10.openssl
	Fix OpenSSL multiple vulnerabilities.

20101110:	p15	FreeBSD-SA-10:09.pseudofs
	Don't unlock a mutex which wasn't locked.

20100920:	p14	FreeBSD-SA-10:08.bzip2
	Fix an integer overflow in RLE length parsing when decompressing
	corrupt bzip2 data.

20100713:	p13	FreeBSD-SA-10:07.mbuf
	Correctly copy the M_RDONLY flag when duplicating a reference
	to an mbuf external buffer.

20100526:	p12	FreeBSD-SA-10:05.opie
	Fix a one-NUL-byte buffer overflow in libopie. [10:05]

20100227:	p11	FreeBSD-EN-10:02.sched_ule
	Fix a deadlock in the ULE scheduler.

20100106:	p10	FreeBSD-SA-10:01.bind, FreeBSD-SA-10:02.ntpd,
			FreeBSD-SA-10:03.zfs
	Fix BIND named(8) cache poisoning with DNSSEC validation.
	[SA-10:01]

	Fix ntpd mode 7 denial of service. [SA-10:02]

	Fix ZFS ZIL playback with insecure permissions. [SA-10:03]

20091203:	p9	FreeBSD-SA-09:15.ssl, FreeBSD-SA-09:16.rtld,
			FreeBSD-SA-09:17.freebsd-update
	Disable SSL renegotiation in order to protect against a serious
	protocol flaw. [09:15]

	Correctly handle failures from unsetenv resulting from a corrupt
	environment in rtld-elf. [09:16]

	Fix permissions in freebsd-update in order to prevent leakage of
	sensitive files. [09:17]

20091002:	p8	FreeBSD-SA-09:14.devfs, FreeBSD-EN-09:05.null
	Fix devfs / VFS NULL pointer race condition. [SA-09:14]

	Add no zero mapping feature. [EN-09:05]

20090729:	p7	FreeBSD-SA-09:12.bind
	Fix BIND named(8) dynamic update message remote DoS.

20090610:	p6	FreeBSD-SA-09:09.pipe, FreeBSD-SA-09:10.ipv6,
			FreeBSD-SA-09:11.ntpd
	Prevent integer overflow in direct pipe write code from circumventing
	virtual-to-physical page lookups. [09:09]

	Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10]

	Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11]

20090422:	p5	FreeBSD-SA-09:07.libc, FreeBSD-SA-09:08.openssl
	Don't leak information via uninitialized space in db(3) records.
	[09:07]

	Sanity-check string lengths in order to stop OpenSSL crashing
	when printing corrupt BMPString or UniversalString objects. [09:08]

20090323:	p4	FreeBSD-SA-09:06.ktimer, FreeBSD-EN-09:01.kenv
	Correctly sanity-check timer IDs. [SA-09:06]

	Limit the size of malloced buffer when dumping environment
	variables. [EN-09:01]

20090216:	p3	FreeBSD-SA-09:05.telnetd
	Correctly scrub telnetd's environment.

20090113:	p2	FreeBSD-SA-09:03.ntpd, FreeBSD-SA-09:04.bind
	Correct ntpd cryptographic signature bypass. [09:03]

	Correct BIND DNSSEC incorrect checks for malformed
	signatures. [09:04]

20090107:	p1	FreeBSD-SA-09:01.lukemftpd, FreeBSD-SA-09:02.openssl
	Prevent cross-site forgery attacks on lukemftpd(8) due to splitting
	long commands into multiple requests. [09:01]

	Fix incorrect OpenSSL checks for malformed signatures. [09:02]

20090106:
	FreeBSD 7.1-RELEASE

20081223:		FreeBSD-SA-08:12.ftpd, FreeBSD-SA-08:13.protosw
	Prevent cross-site forgery attacks on ftpd(8) due to splitting
	long commands into multiple requests. [08:12]

	Avoid calling uninitialized function pointers in protocol switch
	code. [08:13]

20080903:
	ntpd has been upgraded to 4.2.4p5.

20080901:
	OpenSSH has been upgraded to 5.1p1.

20080826:
	DTrace support was merged to STABLE today. In the best
	tradition of "the dog ate my homework", subversion decided
	that the commit message was too large and opted not to send
	it. It was a stealth commit!

	A 'make buildkernel' will now default to build the kernel
	and modules with both DTrace kernel hooks and CTF data ready
	for DTrace.

	After you have installed both world and the kernel, and
	rebooted, you can 'kldload dtraceall' to load all the DTrace
	kernel modules and then you're set to run the 'dtrace'
	client (as root).

	For DTrace documentation, refer to:
	<http://wikis.sun.com/display/DTrace/Documentation>

	We are limited to kernel tracing at the moment, so the pid
	provider is not available.

	For the syscall provider, note that the arguments to the
	return probes are the same as for the entry probes.

20080811:
	Today STABLE got a reorganization of the Intel E1000
	driver code. In order to better support our new adapters
	there is a new driver, igb, that is now to be used for
	either the 82575 or 82576 adapters. The source however,
	is all now in sys/dev/e1000, both em and igb drivers are
	built from that common directory if you configure them
	in the kernel. Making loadable drivers still happens in
	the same place: sys/modules/[em, igb].

	The important thing to note is that the 82575 adapters
	were supported in the em driver in 7.0, but now needed
	to be moved into igb, so if you have the effected cards
	be sure and make any script changes to follow the name
	change.

	There are only 3 PCI ID's effected in this change:
		0x10A7, 0x10A9, and 0x10D6 
	So you can know ahead of time if they will be effected,
	these will now be supported in the igb driver. That
	driver will also support the new 82576 followon.

	The driver reorg in STABLE is inconvenient but it really
	was necessary for Intel to do this, and I figured it was
	better to have this small admin type issue than not to
	have support for this new hardware for a whole release
	cycle.

20080724:
	I have MFC'd in code to support multiple routing tables.
	see the man pages setfib(1) and setfib(2).
	This is a backwards compatible version,
	but to make use of it you need to compile your kernel
	with options ROUTETABLES=2 (or more up to 16).

20080226:
	FreeBSD 7.0-RELEASE

20080208:
	Note the addition of m_collapse for compacting mbuf chains.

20071126:
	The AT keyboard emulation of sunkbd(4) has been turned on
	by default. In order to make the special symbols of the Sun
	keyboards driven by sunkbd(4) work under X these now have
	to be configured the same way as Sun USB keyboards driven
	by ukbd(4) (which also does AT keyboard emulation), f.e.:

	Option	"XkbLayout" "us"
	Option	"XkbRules" "xorg"
	Option	"XkbSymbols" "pc(pc105)+sun_vndr/usb(sun_usb)+us"

20071028:
	It has been decided that it is desirable to provide ABI
	backwards compatibility to the FreeBSD 4/5/6 versions of the
	PCIOCGETCONF, PCIOCREAD and PCIOCWRITE IOCTLs, which was
	broken with the introduction of PCI domain support (see the
	20070930 entry). Unfortunately, this required the ABI of
	PCIOCGETCONF to be broken again in order to be able to
	provide backwards compatibility to the old version of that
	IOCTL. Thus consumers of PCIOCGETCONF have to be recompiled
	again. As for prominent ports this affects neither pciutils
	nor xorg-server this time, the hal port needs to be rebuilt
	however.

20071010:
	RELENG_7 branched.

20071009:
	Setting WITHOUT_LIBPTHREAD now means WITHOUT_LIBKSE and
	WITHOUT_LIBTHR are set.

20070930:
	The PCI code has been made aware of PCI domains. This means that
	the location strings as used by pciconf(8) etc are now in the
	following format: pci<domain>:<bus>:<device>[:<function>]. It
	also means that consumers of <sys/pciio.h> potentially need to
	be recompiled; this includes the hal and xorg-server ports.

20070928:
        The caching daemon (cached) was renamed to nscd. nscd.conf
        configuration file should be used instead of cached.conf and
        nscd_enable, nscd_pidfile and nscd_flags options should be used
        instead of cached_enable, cached_pidfile and cached_flags in
        rc.conf.

20070704:
        The new IPsec code is now compiled in using the IPSEC option.  The
	IPSEC option now requires "device crypto" be defined in your kernel
	configuration.  The FAST_IPSEC kernel option is now deprecated.

20070702:
	The packet filter (pf) code has been updated to OpenBSD 4.1 Please
	note the changed syntax - keep state is now on by default.  Also
	note the fact that ftp-proxy(8) has been changed from bottom up and
	has been moved from libexec to usr/sbin.  Changes in the ALTQ
	handling also affect users of IPFW's ALTQ capabilities.

20070701:
	Remove KAME IPsec in favor of FAST_IPSEC, which is now the
	only IPsec supported by FreeBSD.  The new IPsec stack
	supports both IPv4 and IPv6. The kernel option will change
	after the code changes have settled in.  For now the kernel
	option IPSEC is deprecated and FAST_IPSEC is the only option, that
	will change after some settling time.

20070701:
	The wicontrol(8) utility has been removed from the base system. wi(4)
	cards should be configured using ifconfig(8), see the man page for more
	information.

20070612:
	The i386/amd64 GENERIC kernel now defaults to the nfe(4) driver
	instead of the nve(4) driver. Please update your configuration
	accordingly.

20070612:
	By default, /etc/rc.d/sendmail no longer rebuilds the aliases
	database if it is missing or older than the aliases file.  If
	desired, set the new rc.conf option sendmail_rebuild_aliases
	to "YES" to restore that functionality.

20070612:
	The IPv4 multicast socket code has been considerably modified, and
	moved to the file sys/netinet/in_mcast.c. Initial support for the
	RFC 3678 Source-Specific Multicast Socket API has been added to
	the IPv4 network stack.

	Strict multicast and broadcast reception is now the default for
	UDP/IPv4 sockets; the net.inet.udp.strict_mcast_mship sysctl variable
	has now been removed.

	The RFC 1724 hack for interface selection has been removed; the use
	of the Linux-derived ip_mreqn structure with IP_MULTICAST_IF has
	been added to replace it. Consumers such as routed will soon be
	updated to reflect this.

	These changes affect users who are running routed(8) or rdisc(8)
	from the FreeBSD base system on point-to-point or unnumbered
	interfaces.

20070610:
	The net80211 layer has changed significantly and all wireless
	drivers that depend on it need to be recompiled.  Further these
	changes require that any program that interacts with the wireless
	support in the kernel be recompiled; this includes: ifconfig,
	wpa_supplicant, hostapd, and wlanstats.  Users must also, for
	the moment, kldload the wlan_scan_sta and/or wlan_scan_ap modules
	if they use modules for wireless support.  These modules implement
	scanning support for station and ap modes, respectively.  Failure
	to load the appropriate module before marking a wireless interface
	up will result in a message to the console and the device not
	operating properly.

20070610:
	The pam_nologin(8) module ceases to provide an authentication
	function and starts providing an account management function.
	Consequent changes to /etc/pam.d should be brought in using
	mergemaster(8).  Third-party files in /usr/local/etc/pam.d may
	need manual editing as follows.  Locate this line (or similar):

		auth	required	pam_nologin.so	no_warn

	and change it according to this example:

		account	required	pam_nologin.so	no_warn

	That is, the first word needs to be changed from "auth" to
	"account".  The new line can be moved to the account section
	within the file for clarity.  Not updating pam.conf(5) files
	will result in nologin(5) ignored by the respective services.

20070529:
	The ether_ioctl() function has been synchronized with ioctl(2)
	and ifnet.if_ioctl.  Due to that, the size of one of its arguments
	has changed on 64-bit architectures.  All kernel modules using
	ether_ioctl() need to be rebuilt on such architectures.

20070516:
	Improved INCLUDE_CONFIG_FILE support has been introduced to the
	config(8) utility. In order to take advantage of this new
	functionality, you are expected to recompile and install
	src/usr.sbin/config. If you don't rebuild config(8), and your
	kernel configuration depends on INCLUDE_CONFIG_FILE, the kernel
	build will be broken because of a missing "kernconfstring"
	symbol.

20070513:
	Symbol versioning is enabled by default.  To disable it, use
	option WITHOUT_SYMVER.  It is not advisable to attempt to
	disable symbol versioning once it is enabled; your installworld
	will break because a symbol version-less libc will get installed
	before the install tools.  As a result, the old install tools,
	which previously had symbol dependencies to FBSD_1.0, will fail
	because the freshly installed libc will not have them.

	The default threading library (providing "libpthread") has been
	changed to libthr.  If you wish to have libkse as your default,
	use option DEFAULT_THREAD_LIB=libkse for the buildworld.

20070423:
	The ABI breakage in sendmail(8)'s libmilter has been repaired
	so it is no longer necessary to recompile mail filters (aka,
	milters).  If you recompiled mail filters after the 20070408
	note, it is not necessary to recompile them again.

20070417:
	The new trunk(4) driver has been renamed to lagg(4) as it better
	reflects its purpose. ifconfig will need to be recompiled.

20070408:
	sendmail(8) has been updated to version 8.14.1.  Mail filters
	(aka, milters) compiled against the libmilter included in the
	base operating system should be recompiled.

20070302:
	Firmwares for ipw(4) and iwi(4) are now included in the base tree.
	In order to use them one must agree to the respective LICENSE in
	share/doc/legal and define legal.intel_<name>.license_ack=1 via
	loader.conf(5) or kenv(1).  Make sure to deinstall the now
	deprecated modules from the respective firmware ports.

20070228:
	The name resolution/mapping functions addr2ascii(3) and ascii2addr(3)
	were removed from FreeBSD's libc. These originally came from INRIA
	IPv6. Nothing in FreeBSD ever used them. They may be regarded as
	deprecated in previous releases.
	The AF_LINK support for getnameinfo(3) was merged from NetBSD to
	replace it as a more portable (and re-entrant) API.

20070224:
	To support interrupt filtering a modification to the newbus API 
	has occurred, ABI was broken and __FreeBSD_version was bumped
	to 700031. Please make sure that your kernel and modules are in 
	sync. For more info:
	http://docs.freebsd.org/cgi/mid.cgi?20070221233124.GA13941

20070224:
	The IPv6 multicast forwarding code may now be loaded into GENERIC
	kernels by loading the ip_mroute.ko module. This is built into the
	module unless WITHOUT_INET6 or WITHOUT_INET6_SUPPORT options are
	set; see src.conf(5) for more information.

20070214:
	The output of netstat -r has changed. Without -n, we now only
	print a "network name" without the prefix length if the network
	address and mask exactly match a Class A/B/C network, and an entry
	exists in the nsswitch "networks" map.
	With -n, we print the full unabbreviated CIDR network prefix in
	the form "a.b.c.d/p". 0.0.0.0/0 is always printed as "default".
	This change is in preparation for changes such as equal-cost
	multipath, and to more generally assist operational deployment
	of FreeBSD as a modern IPv4 router.

20070210:
	PIM has been turned on by default in the IPv4 multicast
	routing code. The kernel option 'PIM' has now been removed.
	PIM is now built by default if option 'MROUTING' is specified.
	It may now be loaded into GENERIC kernels by loading the
	ip_mroute.ko module.

20070207:
	Support for IPIP tunnels (VIFF_TUNNEL) in IPv4 multicast routing
	has been removed. Its functionality may be achieved by explicitly
	configuring gif(4) interfaces and using the 'phyint' keyword in
	mrouted.conf.
	XORP does not support source-routed IPv4 multicast tunnels nor the
	integrated IPIP tunneling, therefore it is not affected by this
	change. The __FreeBSD_version macro has been bumped to 700030.

20061221:
	Support for PCI Message Signalled Interrupts has been
	re-enabled in the bge driver, only for those chips which are
	believed to support it properly.  If there are any problems,
	MSI can be disabled completely by setting the
	'hw.pci.enable_msi' and 'hw.pci.enable_msix' tunables to 0
	in the loader.

20061214:
	Support for PCI Message Signalled Interrupts has been
	disabled again in the bge driver.  Many revisions of the
	hardware fail to support it properly.  Support can be
	re-enabled by removing the #define of BGE_DISABLE_MSI in
	"src/sys/dev/bge/if_bge.c".

20061214:
	Support for PCI Message Signalled Interrupts has been added
	to the bge driver.  If there are any problems, MSI can be
	disabled completely by setting the 'hw.pci.enable_msi' and
	'hw.pci.enable_msix' tunables to 0 in the loader.

20061205:
	The removal of several facets of the experimental Threading 
	system from the kernel means that the proc and thread structures 
	have changed quite a bit. I suggest all kernel modules that might
	reference these structures be recompiled.. Especially the
	linux module.

20061126:
	Sound infrastructure has been updated with various fixes and
	improvements. Most of the changes are pretty much transparent,
	with exceptions of followings:
	1) All sound driver specific sysctls (hw.snd.pcm%d.*) have been
	   moved to their own dev sysctl nodes, for example:
		hw.snd.pcm0.vchans -> dev.pcm.0.vchans
	2) /dev/dspr%d.%d has been deprecated. Each channel now has its
	   own chardev in the form of "dsp%d.<function>%d", where <function>
	   is p = playback, r = record and v = virtual, respectively. Users
	   are encouraged to use these devs instead of (old) "/dev/dsp%d.%d".
	   This does not affect those who are using "/dev/dsp".

20061122:
	geom(4)'s gmirror(8) class metadata structure has been
	rev'd from v3 to v4. If you update across this point and
	your metadata is converted for you, you will not be easily
	able to downgrade since the /boot/kernel.old/geom_mirror.ko
	kernel module will be unable to read the v4 metadata.  You
	can resolve this by doing from the loader(8) prompt:

		set vfs.root.mountfrom="ufs:/dev/XXX"

	where XXX is the root slice of one of the disks that composed
	the mirror (i.e.: /dev/ad0s1a). You can then rebuild
	the array the same way you built it originally.

20061122:
	The following binaries have been disconnected from the build:
	mount_devfs, mount_ext2fs, mount_fdescfs, mount_procfs, mount_linprocfs,
	and mount_std.  The functionality of these programs has been
	moved into the mount program.  For example, to mount a devfs
	filesystem, instead of using mount_devfs, use: "mount -t devfs".
	This does not affect entries in /etc/fstab, since entries in
	/etc/fstab are always processed with "mount -t fstype".

20061113:
	Support for PCI Message Signalled Interrupts on i386 and amd64
	has been added to the kernel and various drivers will soon be
	updated to use MSI when it is available.  If there are any problems,
	MSI can be disabled completely by setting the 'hw.pci.enable_msi'
	and 'hw.pci.enable_msix' tunables to 0 in the loader.

20061110:
	The MUTEX_PROFILING option has been renamed to LOCK_PROFILING.
	The lockmgr object layout has been changed as a result of having
	a lock_object embedded in it. As a consequence all file system
	kernel modules must be re-compiled. The mutex profiling man page 
	has not yet been updated to reflect this change.

20061026:
	KSE in the kernel has now been made optional and turned on by
	default. Use 'nooption KSE' in your kernel config to turn it
	off. All kernel modules *must* be recompiled after this change.
	There-after, modules from a KSE kernel should be compatible with
	modules from a NOKSE kernel due to the temporary padding fields
	added to 'struct proc'.

20060929:
	mrouted and its utilities have been removed from the base system.

20060927:
	Some ioctl(2) command codes have changed.  Full backward ABI
	compatibility is provided if the "options COMPAT_FREEBSD6" is
	present in the kernel configuration file.  Make sure to add
	this option to your kernel config file, or recompile X.Org
	and the rest of ports; otherwise they may refuse to work.

20060924:
	tcpslice has been removed from the base system.

20060913:
	The sizes of struct tcpcb (and struct xtcpcb) have changed due to
	the rewrite of TCP syncookies.  Tools like netstat, sockstat, and
	systat needs to be rebuilt.

20060903:
	libpcap updated to v0.9.4 and tcpdump to v3.9.4

20060816:
	The IPFIREWALL_FORWARD_EXTENDED option is gone and the behaviour
	for IPFIREWALL_FORWARD is now as it was before when it was first
	committed and for years after. The behaviour is now ON.

20060725:
	enigma(1)/crypt(1) utility has been changed on 64 bit architectures.
	Now it can decrypt files created from different architectures.
	Unfortunately, it is no longer able to decrypt a cipher text
	generated with an older version on 64 bit architectures.
	If you have such a file, you need old utility to decrypt it.

20060709:
 	The interface version of the i4b kernel part has changed. So
 	after updating the kernel sources and compiling a new kernel,
 	the i4b user space tools in "/usr/src/usr.sbin/i4b" must also
 	be rebuilt, and vice versa.
 
20060627:
	The XBOX kernel now defaults to the nfe(4) driver instead of
	the nve(4) driver. Please update your configuration
	accordingly.

20060514:
	The i386-only lnc(4) driver for the AMD Am7900 LANCE and Am79C9xx
	PCnet family of NICs has been removed. The new le(4) driver serves
	as an equivalent but cross-platform replacement with the pcn(4)
	driver still providing performance-optimized support for the subset
	of AMD Am79C971 PCnet-FAST and greater chips as before.

20060511:
	The machdep.* sysctls and the adjkerntz utility have been
	modified a bit.  The new adjkerntz utility uses the new
	sysctl names and sysctlbyname() calls, so it may be impossible
	to run an old /sbin/adjkerntz utility in single-user mode
	with a new kernel.  Replace the `adjkerntz -i' step before
	`make installworld' with:

	    /usr/obj/usr/src/sbin/adjkerntz/adjkerntz -i

	and proceed as usual with the rest of the installworld-stage
	steps.  Otherwise, you risk installing binaries with their
	timestamp set several hours in the future, especially if
	you are running with local time set to GMT+X hours.

20060412:
	The ip6fw utility has been removed.  The behavior provided by
	ip6fw has been in ipfw2 for a good while and the rc.d scripts
	have been updated to deal with it.  There are some rules that
	might not migrate cleanly.  Use rc.firewall6 as a template to
	rewrite rules.

20060428:
	The puc(4) driver has been overhauled. The ebus(4) and sbus(4)
	attachments have been removed. Make sure to configure scc(4)
	on sparc64. Note also that by default puc(4) will use uart(4)
	and not sio(4) for serial ports because interrupt handling has
	been optimized for multi-port serial cards and only uart(4)
	implements the interface to support it.

20060330:
	The scc(4) driver replaces puc(4) for Serial Communications
	Controllers (SCCs) like the Siemens SAB82532 and the Zilog
	Z8530. On sparc64, it is advised to add scc(4) to the kernel
	configuration to make sure that the serial ports remain
	functional.

20060317:
	Most world/kernel related NO_* build options changed names.
	New knobs have common prefixes WITHOUT_*/WITH_* (modelled
	after FreeBSD ports) and should be set in /etc/src.conf
	(the src.conf(5) manpage is provided).  Full backwards
	compatibility is maintained for the time being though it's
	highly recommended to start moving old options out of the
	system-wide /etc/make.conf file into the new /etc/src.conf
	while also properly renaming them.  More conversions will
	likely follow.  Posting to current@:

	http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

20060305:
	The NETSMBCRYPTO kernel option has been retired because its
	functionality is always included in NETSMB and smbfs.ko now.

20060303:
	The TDFX_LINUX kernel option was retired and replaced by the
	tdfx_linux device.  The latter can be loaded as the 3dfx_linux.ko
	kernel module.  Loading it alone should suffice to get 3dfx support
	for Linux apps because it will pull in 3dfx.ko and linux.ko through
	its dependencies.

20060204:
	The 'audit' group was added to support the new auditing functionality
	in the base system.  Be sure to follow the directions for updating,
	including the requirement to run mergemaster -p.

20060201:
	The kernel ABI to file system modules was changed on i386.
	Please make sure that your kernel and modules are in sync.
	
20060118:
	This actually occured some time ago, but installing the kernel
	now also installs a bunch of symbol files for the kernel modules.
	This increases the size of /boot/kernel to about 67Mbytes. You
	will need twice this if you will eventually back this up to kernel.old
	on your next install.
	If you have a shortage of room in your root partition, you should add
	-DINSTALL_NODEBUG to your make arguments or add INSTALL_NODEBUG="yes"
	to your /etc/make.conf.

20060113:
	libc's malloc implementation has been replaced.  This change has the
	potential to uncover application bugs that previously went unnoticed.
	See the malloc(3) manual page for more details.

20060112:
	The generic netgraph(4) cookie has been changed. If you upgrade
	kernel passing this point, you also need to upgrade userland
	and netgraph(4) utilities like ports/net/mpd or ports/net/mpd4.

20060106:
	si(4)'s device files now contain the unit number.
	Uses of {cua,tty}A[0-9a-f] should be replaced by {cua,tty}A0[0-9a-f].

20060106:
	The kernel ABI was mostly destroyed due to a change in the size
	of struct lock_object which is nested in other structures such
	as mutexes which are nested in all sorts of other structures.
	Make sure your kernel and modules are in sync.

20051231:
	The page coloring algorithm in the VM subsystem was converted
	from tuning with kernel options to autotuning. Please remove
	any PQ_* option except PQ_NOOPT from your kernel config.

20051211:
	The net80211-related tools in the tools/tools/ath directory
	have been moved to tools/tools/net80211 and renamed with a
	"wlan" prefix.  Scripts that use them should be adjusted
	accordingly.

20051202:
	Scripts in the local_startup directories (as defined in
	/etc/defaults/rc.conf) that have the new rc.d semantics will
	now be run as part of the base system rcorder. If there are
	errors or problems with one of these local scripts, it could
	cause boot problems. If you encounter such problems, boot in
	single user mode, remove that script from the */rc.d directory.
	Please report the problem to the port's maintainer, and the
	freebsd-ports@freebsd.org mailing list.

20051129:
	The nodev mount option was deprecated in RELENG_6 (where it
	was a no-op), and is now unsupported.  If you have nodev or dev listed
	in /etc/fstab, remove it, otherwise it will result in a mount error.

20051129:
	ABI between ipfw(4) and ipfw(8) has been changed. You need
	to rebuild ipfw(8) when rebuilding kernel.

20051108:
	rp(4)'s device files now contain the unit number.
	Uses of {cua,tty}R[0-9a-f] should be replaced by {cua,tty}R0[0-9a-f].

20051029:
	/etc/rc.d/ppp-user has been renamed to /etc/rc.d/ppp.
	Its /etc/rc.conf.d configuration file has been `ppp' from
	the beginning, and hence there is no need to touch it.

20051014:
	Now most modules get their build-time options from the kernel
	configuration file.  A few modules still have fixed options
	due to their non-conformant implementation, but they will be
	corrected eventually.  You may need to review the options of
	the modules in use, explicitly specify the non-default options
	in the kernel configuration file, and rebuild the kernel and
	modules afterwards.

20051001:
	kern.polling.enable sysctl MIB is now deprecated. Use ifconfig(8)
	to turn polling(4) on your interfaces.

20050927:
	The old bridge(4) implementation was retired.  The new
	if_bridge(4) serves as a full functional replacement.

20050722:
	The ai_addrlen of a struct addrinfo was changed to a socklen_t
	to conform to POSIX-2001.  This change broke an ABI
	compatibility on 64 bit architecture.  You have to recompile
	userland programs that use getaddrinfo(3) on 64 bit
	architecture.

20050711:
	RELENG_6 branched here.

20050629:
	The pccard_ifconfig rc.conf variable has been removed and a new
	variable, ifconfig_DEFAULT has been introduced.  Unlike
	pccard_ifconfig, ifconfig_DEFAULT applies to ALL interfaces that
	do not have ifconfig_ifn entries rather than just those in
	removable_interfaces.

20050616:
	Some previous versions of PAM have permitted the use of
	non-absolute paths in /etc/pam.conf or /etc/pam.d/* when referring
	to third party PAM modules in /usr/local/lib.  A change has been
	made to require the use of absolute paths in order to avoid
	ambiguity and dependence on library path configuration, which may
	affect existing configurations.

20050610:
	Major changes to network interface API.  All drivers must be
	recompiled.  Drivers not in the base system will need to be
	updated to the new APIs.

20050609:
	Changes were made to kinfo_proc in sys/user.h.  Please recompile
	userland, or commands like `fstat', `pkill', `ps', `top' and `w'
	will not behave correctly.

	The API and ABI for hwpmc(4) have changed with the addition
	of sampling support.  Please recompile lib/libpmc(3) and
	usr.sbin/{pmcstat,pmccontrol}.

20050606:
	The OpenBSD dhclient was imported in place of the ISC dhclient
	and the network interface configuration scripts were updated
	accordingly.  If you use DHCP to configure your interfaces, you
	must now run devd.  Also, DNS updating was lost so you will need
	to find a workaround if you use this feature.

	The '_dhcp' user was added to support the OpenBSD dhclient.  Be
	sure to run mergemaster -p (like you are supposed to do every time
	anyway).

20050605:
	if_bridge was added to the tree. This has changed struct ifnet.
	Please recompile userland and all network related modules.

20050603:
	The n_net of a struct netent was changed to an uint32_t, and
	1st argument of getnetbyaddr() was changed to an uint32_t, to
	conform to POSIX-2001.  These changes broke an ABI
	compatibility on 64 bit architecture.  With these changes,
	shlib major of libpcap was bumped.  You have to recompile
	userland programs that use getnetbyaddr(3), getnetbyname(3),
	getnetent(3) and/or libpcap on 64 bit architecture.

20050528:
	Kernel parsing of extra options on '#!' first lines of shell
	scripts has changed.  Lines with multiple options likely will
	fail after this date.  For full details, please see
		http://people.freebsd.org/~gad/Updating-20050528.txt

20050503:
	The packet filter (pf) code has been updated to OpenBSD 3.7
	Please note the changed anchor syntax and the fact that
	authpf(8) now needs a mounted fdescfs(5) to function.

20050415:
	The NO_MIXED_MODE kernel option has been removed from the i386
	amd64 platforms as its use has been superceded by the new local
	APIC timer code.  Any kernel config files containing this option
	should be updated.

20050227:
	The on-disk format of LC_CTYPE files was changed to be machine
	independent.  Please make sure NOT to use NO_CLEAN buildworld
	when crossing this point. Crossing this point also requires
	recompile or reinstall of all locale depended packages.

20050225:
	The ifi_epoch member of struct if_data has been changed to
	contain the uptime at which the interface was created or the
	statistics zeroed rather then the wall clock time because
	wallclock time may go backwards.  This should have no impact
	unless an snmp implementation is using this value (I know of
	none at this point.)

20050224:
	The acpi_perf and acpi_throttle drivers are now part of the
	acpi(4) main module.  They are no longer built separately.

20050223:
	The layout of struct image_params has changed. You have to
	recompile all compatibility modules (linux, svr4, etc) for use
	with the new kernel.

20050223:
	The p4tcc driver has been merged into cpufreq(4).  This makes
	"options CPU_ENABLE_TCC" obsolete.  Please load cpufreq.ko or
	compile in "device cpufreq" to restore this functionality.

20050220:
	The responsibility of recomputing the file system summary of
	a SoftUpdates-enabled dirty volume has been transferred to the
	background fsck.  A rebuild of fsck(8) utility is recommended
	if you have updated the kernel.

	To get the old behavior (recompute file system summary at mount
	time), you can set vfs.ffs.compute_summary_at_mount=1 before
	mounting the new volume.

20050206:
	The cpufreq import is complete.  As part of this, the sysctls for
	acpi(4) throttling have been removed.  The power_profile script
	has been updated, so you can use performance/economy_cpu_freq in
	rc.conf(5) to set AC on/offline cpu frequencies.

20050206:
	NG_VERSION has been increased. Recompiling kernel (or ng_socket.ko)
	requires recompiling libnetgraph and userland netgraph utilities.

20050114:
	Support for abbreviated forms of a number of ipfw options is
	now deprecated.  Warnings are printed to stderr indicating the
	correct full form when a match occurs.  Some abbreviations may
	be supported at a later date based on user feedback.  To be
	considered for support, abbreviations must be in use prior to
	this commit and unlikely to be confused with current key words.

20041221:
	By a popular demand, a lot of NOFOO options were renamed
	to NO_FOO (see bsd.compat.mk for a full list).  The old
	spellings are still supported, but will cause annoying
	warnings on stderr.  Make sure you upgrade properly (see
	the COMMON ITEMS: section later in this file).

20041219:
	Auto-loading of ancillary wlan modules such as wlan_wep has
	been temporarily disabled; you need to statically configure
	the modules you need into your kernel or explicitly load them
	prior to use.  Specifically, if you intend to use WEP encryption
	with an 802.11 device load/configure wlan_wep; if you want to
	use WPA with the ath driver load/configure wlan_tkip, wlan_ccmp,
	and wlan_xauth as required.

20041213:
	The behaviour of ppp(8) has changed slightly.  If lqr is enabled
	(``enable lqr''), older versions would revert to LCP ECHO mode on
	negotiation failure.  Now, ``enable echo'' is required for this
	behaviour.  The ppp version number has been bumped to 3.4.2 to
	reflect the change.

20041201:
	The wlan support has been updated to split the crypto support
	into separate modules.  For static WEP you must configure the
	wlan_wep module in your system or build and install the module
	in place where it can be loaded (the kernel will auto-load
	the module when a wep key is configured).

20041201:
	The ath driver has been updated to split the tx rate control
	algorithm into a separate module.  You need to include either
	ath_rate_onoe or ath_rate_amrr when configuring the kernel.

20041116:
	Support for systems with an 80386 CPU has been removed.  Please
	use FreeBSD 5.x or earlier on systems with an 80386.

20041110:
	We have had a hack which would mount the root filesystem
	R/W if the device were named 'md*'.  As part of the vnode
	work I'm doing I have had to remove this hack.  People
	building systems which use preloaded MD root filesystems
	may need to insert a "/sbin/mount -u -o rw /dev/md0 /" in
	their /etc/rc scripts.

20041104:
	FreeBSD 5.3 shipped here.

20041102:
	The size of struct tcpcb has changed again due to the removal
	of RFC1644 T/TCP.  You have to recompile userland programs that
	read kmem for tcp sockets directly (netstat, sockstat, etc.)

20041022:
	The size of struct tcpcb has changed.  You have to recompile
	userland programs that read kmem for tcp sockets directly
	(netstat, sockstat, etc.)

20041016:
	RELENG_5 branched here.  For older entries, please see updating
	in the RELENG_5 branch.

COMMON ITEMS:

	General Notes
	-------------
	Avoid using make -j when upgrading.  From time to time in the
	past there have been problems using -j with buildworld and/or
	installworld.  This is especially true when upgrading between
	"distant" versions (eg one that cross a major release boundary
	or several minor releases, or when several months have passed
	on the -current branch).

	Sometimes, obscure build problems are the result of environment
	poisoning.  This can happen because the make utility reads its
	environment when searching for values for global variables.
	To run your build attempts in an "environmental clean room",
	prefix all make commands with 'env -i '.  See the env(1) manual
	page for more details.

	When upgrading from one major version to another it is generally
	best to upgrade to the latest code in the currently installed branch
	first, then do an upgrade to the new branch. This is the best-tested
	upgrade path, and has the highest probability of being successful.
	Please try this approach before reporting problems with a major
	version upgrade.

	To build a kernel
	-----------------
	If you are updating from a prior version of FreeBSD (even one just
	a few days old), you should follow this procedure.  It is the most
	failsafe as it uses a /usr/obj tree with a fresh mini-buildworld,

	make kernel-toolchain
	make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
	make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE

	To test a kernel once
	---------------------
	If you just want to boot a kernel once (because you are not sure
	if it works, or if you want to boot a known bad kernel to provide
	debugging information) run
	make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel
	nextboot -k testkernel

	To just build a kernel when you know that it won't mess you up
	--------------------------------------------------------------
	This assumes you are already running a 5.X system.  Replace
	${arch} with the architecture of your machine (e.g. "i386",
	"alpha", "amd64", "ia64", "pc98", "sparc64", etc).

	cd src/sys/${arch}/conf
	config KERNEL_NAME_HERE
	cd ../compile/KERNEL_NAME_HERE
	make depend
	make
	make install

	If this fails, go to the "To build a kernel" section.

	To rebuild everything and install it on the current system.
	-----------------------------------------------------------
	# Note: sometimes if you are running current you gotta do more than
	# is listed here if you are upgrading from a really old current.

	<make sure you have good level 0 dumps>
	make buildworld
	make kernel KERNCONF=YOUR_KERNEL_HERE
							[1]
	<reboot in single user>				[3]
	mergemaster -p					[5]
	make installworld
	make delete-old
	mergemaster					[4]
	<reboot>


	To cross-install current onto a separate partition
	--------------------------------------------------
	# In this approach we use a separate partition to hold
	# current's root, 'usr', and 'var' directories.   A partition
	# holding "/", "/usr" and "/var" should be about 2GB in
	# size.

	<make sure you have good level 0 dumps>
	<boot into -stable>
	make buildworld
	make buildkernel KERNCONF=YOUR_KERNEL_HERE
	<maybe newfs current's root partition>
	<mount current's root partition on directory ${CURRENT_ROOT}>
	make installworld DESTDIR=${CURRENT_ROOT}
	make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd
	make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT}
	cp /etc/fstab ${CURRENT_ROOT}/etc/fstab 		   # if newfs'd
	<edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition>
	<reboot into current>
	<do a "native" rebuild/install as described in the previous section>
	<maybe install compatibility libraries from src/lib/compat>
 	<reboot>


	To upgrade in-place from 5.x-stable to current
	----------------------------------------------
	<make sure you have good level 0 dumps>
	make buildworld					[9]
	make kernel KERNCONF=YOUR_KERNEL_HERE		[8]
							[1]
	<reboot in single user>				[3]
	mergemaster -p					[5]
	make installworld
	make delete-old
	mergemaster -i					[4]
	<reboot>

	Make sure that you've read the UPDATING file to understand the
	tweaks to various things you need.  At this point in the life
	cycle of current, things change often and you are on your own
	to cope.  The defaults can also change, so please read ALL of
	the UPDATING entries.

	Also, if you are tracking -current, you must be subscribed to
	freebsd-current@freebsd.org.  Make sure that before you update
	your sources that you have read and understood all the recent
	messages there.  If in doubt, please track -stable which has
	much fewer pitfalls.

	[1] If you have third party modules, such as vmware, you
	should disable them at this point so they don't crash your
	system on reboot.

	[3] From the bootblocks, boot -s, and then do
		fsck -p
		mount -u /
		mount -a
		cd src
		adjkerntz -i		# if CMOS is wall time
	Also, when doing a major release upgrade, it is required that
	you boot into single user mode to do the installworld.

	[4] Note: This step is non-optional.  Failure to do this step
	can result in a significant reduction in the functionality of the
	system.  Attempting to do it by hand is not recommended and those
	that pursue this avenue should read this file carefully, as well
	as the archives of freebsd-current and freebsd-hackers mailing lists
	for potential gotchas.

	[5] Usually this step is a noop.  However, from time to time
	you may need to do this if you get unknown user in the following
	step.  It never hurts to do it all the time.  You may need to
	install a new mergemaster (cd src/usr.sbin/mergemaster && make
	install) after the buildworld before this step if you last updated
	from current before 20020224 or from -stable before 20020408.

	[8] In order to have a kernel that can run the 4.x binaries
	needed to do an installworld, you must include the COMPAT_FREEBSD4
	option in your kernel.  Failure to do so may leave you with a system
	that is hard to boot to recover. A similar kernel option COMPAT_FREEBSD5
	is required to run the 5.x binaries on more recent kernels.

	Make sure that you merge any new devices from GENERIC since the
	last time you updated your kernel config file.

	[9] When checking out sources, you must include the -P flag to have
	cvs prune empty directories.

	If CPUTYPE is defined in your /etc/make.conf, make sure to use the
	"?=" instead of the "=" assignment operator, so that buildworld can
	override the CPUTYPE if it needs to.

	MAKEOBJDIRPREFIX must be defined in an environment variable, and
	not on the command line, or in /etc/make.conf.  buildworld will
	warn if it is improperly defined.
FORMAT:

This file contains a list, in reverse chronological order, of major
breakages in tracking -current.  Not all things will be listed here,
and it only starts on October 16, 2004.  Updating files can found in
previous releases if your system is older than this.

Copyright information:

Copyright 1998-2005 M. Warner Losh.  All Rights Reserved.

Redistribution, publication, translation and use, with or without
modification, in full or in part, in any form or format of this
document are permitted without further permission from the author.

THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED.  IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.

If you find this document useful, and you want to, you may buy the
author a beer.

Contact Warner Losh if you have any questions about your use of
this document.

$FreeBSD$