xref: /freebsd/UPDATING (revision c9dbb1cc52b063bbd9ab078a7afc89a8696da659)
1Updating Information for FreeBSD current users.
2
3This file is maintained and copyrighted by M. Warner Losh <imp@freebsd.org>.
4See end of file for further details.  For commonly done items, please see the
5COMMON ITEMS: section later in the file.  These instructions assume that you
6basically know what you are doing.  If not, then please consult the FreeBSD
7handbook:
8
9    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html
10
11Items affecting the ports and packages system can be found in
12/usr/ports/UPDATING.  Please read that file before running portupgrade.
13
14NOTE: FreeBSD has switched from gcc to clang. If you have trouble bootstrapping
15from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to
16the tip of head, and then rebuild without this option. The bootstrap process from
17older version of current across the gcc/clang cutover is a bit fragile.
18
19NOTE TO PEOPLE WHO THINK THAT FreeBSD 11.x IS SLOW:
20	FreeBSD 11.x has many debugging features turned on, in both the kernel
21	and userland.  These features attempt to detect incorrect use of
22	system primitives, and encourage loud failure through extra sanity
23	checking and fail stop semantics.  They also substantially impact
24	system performance.  If you want to do performance measurement,
25	benchmarking, and optimization, you'll want to turn them off.  This
26	includes various WITNESS- related kernel options, INVARIANTS, malloc
27	debugging flags in userland, and various verbose features in the
28	kernel.  Many developers choose to disable these features on build
29	machines to maximize performance.  (To completely disable malloc
30	debugging, define MALLOC_PRODUCTION in /etc/make.conf, or to merely
31	disable the most expensive debugging functionality run
32	"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
33
3420150827:
35	The wireless drivers had undergone changes that remove the 'parent
36	interface' from the ifconfig -l output. The rc.d network scripts
37	used to check presence of a parent interface in the list, so old
38	scripts would fail to start wireless networking. Thus, etcupdate(3)
39	or mergemaster(8) run is required after kernel update, to update your
40	rc.d scripts in /etc.
41
4220150827:
43	pf no longer supports 'scrub fragment crop' or 'scrub fragment drop-ovl'
44	These configurations are now automatically interpreted as
45	'scrub fragment reassemble'.
46
4720150817:
48	Kernel-loadable modules for the random(4) device are back. To use
49	them, the kernel must have
50
51	device	random
52	options	RANDOM_LOADABLE
53
54	kldload(8) can then be used to load random_fortuna.ko
55	or random_yarrow.ko. Please note that due to the indirect
56	function calls that the loadable modules need to provide,
57	the build-in variants will be slightly more efficient.
58
59	The random(4) kernel option RANDOM_DUMMY has been retired due to
60	unpopularity. It was not all that useful anyway.
61
6220150813:
63	The WITHOUT_ELFTOOLCHAIN_TOOLS src.conf(5) knob has been retired.
64	Control over building the ELF Tool Chain tools is now provided by
65	the WITHOUT_TOOLCHAIN knob.
66
6720150810:
68	The polarity of Pulse Per Second (PPS) capture events with the
69	uart(4) driver has been corrected.  Prior to this change the PPS
70	"assert" event corresponded to the trailing edge of a positive PPS
71	pulse and the "clear" event was the leading edge of the next pulse.
72
73	As the width of a PPS pulse in a typical GPS receiver is on the
74	order of 1 millisecond, most users will not notice any significant
75	difference with this change.
76
77	Anyone who has compensated for the historical polarity reversal by
78	configuring a negative offset equal to the pulse width will need to
79	remove that workaround.
80
8120150809:
82	The default group assigned to /dev/dri entries has been changed
83	from 'wheel' to 'video' with the id of '44'. If you want to have
84	access to the dri devices please add yourself to the video group
85	with:
86
87	# pw groupmod video -m $USER
88
8920150806:
90	The menu.rc and loader.rc files will now be replaced during
91	upgrades. Please migrate local changes to menu.rc.local and
92	loader.rc.local instead.
93
9420150805:
95	GNU Binutils versions of addr2line, c++filt, nm, readelf, size,
96	strings and strip have been removed. The src.conf(5) knob
97	WITHOUT_ELFTOOLCHAIN_TOOLS no longer provides the binutils tools.
98
9920150728:
100	As ZFS requires more kernel stack pages than is the default on some
101	architectures e.g. i386, it now warns if KSTACK_PAGES is less than
102	ZFS_MIN_KSTACK_PAGES (which is 4 at the time of writing).
103
104	Please consider using 'options KSTACK_PAGES=X' where X is greater
105	than or equal to ZFS_MIN_KSTACK_PAGES i.e. 4 in such configurations.
106
10720150706:
108	sendmail has been updated to 8.15.2.  Starting with FreeBSD 11.0
109	and sendmail 8.15, sendmail uses uncompressed IPv6 addresses by
110	default, i.e., they will not contain "::".  For example, instead
111	of ::1, it will be 0:0:0:0:0:0:0:1.  This permits a zero subnet
112	to have a more specific match, such as different map entries for
113	IPv6:0:0 vs IPv6:0.  This change requires that configuration
114	data (including maps, files, classes, custom ruleset, etc.) must
115	use the same format, so make certain such configuration data is
116	upgrading.  As a very simple check search for patterns like
117	'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'.  To return to the old
118	behavior, set the m4 option confUSE_COMPRESSED_IPV6_ADDRESSES or
119	the cf option UseCompressedIPv6Addresses.
120
12120150630:
122	The default kernel entropy-processing algorithm is now
123	Fortuna, replacing Yarrow.
124
125	Assuming you have 'device random' in your kernel config
126	file, the configurations allow a kernel option to override
127	this default. You may choose *ONE* of:
128
129	options	RANDOM_YARROW	# Legacy /dev/random algorithm.
130	options	RANDOM_DUMMY	# Blocking-only driver.
131
132	If you have neither, you get Fortuna.  For most people,
133	read no further, Fortuna will give a /dev/random that works
134	like it always used to, and the difference will be irrelevant.
135
136	If you remove 'device random', you get *NO* kernel-processed
137	entopy at all. This may be acceptable to folks building
138	embedded systems, but has complications. Carry on reading,
139	and it is assumed you know what you need.
140
141	*PLEASE* read random(4) and random(9) if you are in the
142	habit of tweeking kernel configs, and/or if you are a member
143	of the embedded community, wanting specific and not-usual
144	behaviour from your security subsystems.
145
146	NOTE!! If you use RANDOM_DUMMY and/or have no 'device
147	random', you will NOT have a functioning /dev/random, and
148	many cryptographic features will not work, including SSH.
149	You may also find strange behaviour from the random(3) set
150	of library functions, in particular sranddev(3), srandomdev(3)
151	and arc4random(3). The reason for this is that the KERN_ARND
152	sysctl only returns entropy if it thinks it has some to
153	share, and with RANDOM_DUMMY or no 'device random' this
154	will never happen.
155
15620150623:
157	An additional fix for the issue described in the 20150614 sendmail
158	entry below has been been committed in revision 284717.
159
16020150616:
161	FreeBSD's old make (fmake) has been removed from the system. It is
162	available as the devel/fmake port or via pkg install fmake.
163
16420150615:
165	The fix for the issue described in the 20150614 sendmail entry
166	below has been been committed in revision 284436.  The work
167	around described in that entry is no longer needed unless the
168	default setting is overridden by a confDH_PARAMETERS configuration
169	setting of '5' or pointing to a 512 bit DH parameter file.
170
17120150614:
172	ALLOW_DEPRECATED_ATF_TOOLS/ATFFILE support has been removed from
173	atf.test.mk (included from bsd.test.mk). Please upgrade devel/atf
174	and devel/kyua to version 0.20+ and adjust any calling code to work
175	with Kyuafile and kyua.
176
17720150614:
178	The import of openssl to address the FreeBSD-SA-15:10.openssl
179	security advisory includes a change which rejects handshakes
180	with DH parameters below 768 bits.  sendmail releases prior
181	to 8.15.2 (not yet released), defaulted to a 512 bit
182	DH parameter setting for client connections.  To work around
183	this interoperability, sendmail can be configured to use a
184	2048 bit DH parameter by:
185
186	1. Edit /etc/mail/`hostname`.mc
187	2. If a setting for confDH_PARAMETERS does not exist or
188	   exists and is set to a string beginning with '5',
189	   replace it with '2'.
190	3. If a setting for confDH_PARAMETERS exists and is set to
191	   a file path, create a new file with:
192		openssl dhparam -out /path/to/file 2048
193	4. Rebuild the .cf file:
194		cd /etc/mail/; make; make install
195	5. Restart sendmail:
196		cd /etc/mail/; make restart
197
198	A sendmail patch is coming, at which time this file will be
199	updated.
200
20120150604:
202	Generation of legacy formatted entries have been disabled by default
203	in pwd_mkdb(8), as all base system consumers of the legacy formatted
204	entries were converted to use the new format by default when the new,
205	machine independent format have been added and supported since FreeBSD
206	5.x.
207
208	Please see the pwd_mkdb(8) manual page for further details.
209
21020150525:
211	Clang and llvm have been upgraded to 3.6.1 release.  Please see the
212	20141231 entry below for information about prerequisites and upgrading,
213	if you are not already using 3.5.0 or higher.
214
21520150521:
216	TI platform code switched to using vendor DTS files and this update
217	may break existing systems running on Beaglebone, Beaglebone Black,
218	and Pandaboard:
219
220	- dtb files should be regenerated/reinstalled. Filenames are the
221	  same but content is different now
222	- GPIO addressing was changed, now each GPIO bank (32 pins per bank)
223	  has its own /dev/gpiocX device, e.g. pin 121 on /dev/gpioc0 in old
224	  addressing scheme is now pin 25 on /dev/gpioc3.
225	- Pandaboard: /etc/ttys should be updated, serial console device is
226	  now /dev/ttyu2, not /dev/ttyu0
227
22820150501:
229	soelim(1) from gnu/usr.bin/groff has been replaced by usr.bin/soelim.
230	If you need the GNU extension from groff soelim(1), install groff
231	from package: pkg install groff, or via ports: textproc/groff.
232
23320150423:
234	chmod, chflags, chown and chgrp now affect symlinks in -R mode as
235	defined in symlink(7); previously symlinks were silently ignored.
236
23720150415:
238	The const qualifier has been removed from iconv(3) to comply with
239	POSIX.  The ports tree is aware of this from r384038 onwards.
240
24120150416:
242	Libraries specified by LIBADD in Makefiles must have a corresponding
243	DPADD_<lib> variable to ensure correct dependencies.  This is now
244	enforced in src.libnames.mk.
245
24620150324:
247	From legacy ata(4) driver was removed support for SATA controllers
248	supported by more functional drivers ahci(4), siis(4) and mvs(4).
249	Kernel modules ataahci and ataadaptec were removed completely,
250	replaced by ahci and mvs modules respectively.
251
25220150315:
253	Clang, llvm and lldb have been upgraded to 3.6.0 release.  Please see
254	the 20141231 entry below for information about prerequisites and
255	upgrading, if you are not already using 3.5.0 or higher.
256
25720150307:
258	The 32-bit PowerPC kernel has been changed to a position-independent
259	executable. This can only be booted with a version of loader(8)
260	newer than January 31, 2015, so make sure to update both world and
261	kernel before rebooting.
262
26320150217:
264	If you are running a -CURRENT kernel since r273872 (Oct 30th, 2014),
265	but before r278950, the RNG was not seeded properly.  Immediately
266	upgrade the kernel to r278950 or later and regenerate any keys (e.g.
267	ssh keys or openssl keys) that were generated w/ a kernel from that
268	range.  This does not affect programs that directly used /dev/random
269	or /dev/urandom.  All userland uses of arc4random(3) are affected.
270
27120150210:
272	The autofs(4) ABI was changed in order to restore binary compatibility
273	with 10.1-RELEASE.  The automountd(8) daemon needs to be rebuilt to work
274	with the new kernel.
275
27620150131:
277	The powerpc64 kernel has been changed to a position-independent
278	executable. This can only be booted with a new version of loader(8),
279	so make sure to update both world and kernel before rebooting.
280
28120150118:
282	Clang and llvm have been upgraded to 3.5.1 release.  This is a bugfix
283	only release, no new features have been added.  Please see the 20141231
284	entry below for information about prerequisites and upgrading, if you
285	are not already using 3.5.0.
286
28720150107:
288	ELF tools addr2line, elfcopy (strip), nm, size, and strings are now
289	taken from the ELF Tool Chain project rather than GNU binutils. They
290	should be drop-in replacements, with the addition of arm64 support.
291	The WITHOUT_ELFTOOLCHAIN_TOOLS= knob may be used to obtain the
292	binutils tools, if necessary. See 20150805 for updated information.
293
29420150105:
295	The default Unbound configuration now enables remote control
296	using a local socket.  Users who have already enabled the
297	local_unbound service should regenerate their configuration
298	by running "service local_unbound setup" as root.
299
30020150102:
301	The GNU texinfo and GNU info pages have been removed.
302	To be able to view GNU info pages please install texinfo from ports.
303
30420141231:
305	Clang, llvm and lldb have been upgraded to 3.5.0 release.
306
307	As of this release, a prerequisite for building clang, llvm and lldb is
308	a C++11 capable compiler and C++11 standard library.  This means that to
309	be able to successfully build the cross-tools stage of buildworld, with
310	clang as the bootstrap compiler, your system compiler or cross compiler
311	should either be clang 3.3 or later, or gcc 4.8 or later, and your
312	system C++ library should be libc++, or libdstdc++ from gcc 4.8 or
313	later.
314
315	On any standard FreeBSD 10.x or 11.x installation, where clang and
316	libc++ are on by default (that is, on x86 or arm), this should work out
317	of the box.
318
319	On 9.x installations where clang is enabled by default, e.g. on x86 and
320	powerpc, libc++ will not be enabled by default, so libc++ should be
321	built (with clang) and installed first.  If both clang and libc++ are
322	missing, build clang first, then use it to build libc++.
323
324	On 8.x and earlier installations, upgrade to 9.x first, and then follow
325	the instructions for 9.x above.
326
327	Sparc64 and mips users are unaffected, as they still use gcc 4.2.1 by
328	default, and do not build clang.
329
330	Many embedded systems are resource constrained, and will not be able to
331	build clang in a reasonable time, or in some cases at all.  In those
332	cases, cross building bootable systems on amd64 is a workaround.
333
334	This new version of clang introduces a number of new warnings, of which
335	the following are most likely to appear:
336
337	-Wabsolute-value
338
339	This warns in two cases, for both C and C++:
340	* When the code is trying to take the absolute value of an unsigned
341	  quantity, which is effectively a no-op, and almost never what was
342	  intended.  The code should be fixed, if at all possible.  If you are
343	  sure that the unsigned quantity can be safely cast to signed, without
344	  loss of information or undefined behavior, you can add an explicit
345	  cast, or disable the warning.
346
347	* When the code is trying to take an absolute value, but the called
348	  abs() variant is for the wrong type, which can lead to truncation.
349	  If you want to disable the warning instead of fixing the code, please
350	  make sure that truncation will not occur, or it might lead to unwanted
351	  side-effects.
352
353	-Wtautological-undefined-compare and
354	-Wundefined-bool-conversion
355
356	These warn when C++ code is trying to compare 'this' against NULL, while
357	'this' should never be NULL in well-defined C++ code.  However, there is
358	some legacy (pre C++11) code out there, which actively abuses this
359	feature, which was less strictly defined in previous C++ versions.
360
361	Squid and openjdk do this, for example.  The warning can be turned off
362	for C++98 and earlier, but compiling the code in C++11 mode might result
363	in unexpected behavior; for example, the parts of the program that are
364	unreachable could be optimized away.
365
36620141222:
367	The old NFS client and server (kernel options NFSCLIENT, NFSSERVER)
368	kernel sources have been removed. The .h files remain, since some
369	utilities include them. This will need to be fixed later.
370	If "mount -t oldnfs ..." is attempted, it will fail.
371	If the "-o" option on mountd(8), nfsd(8) or nfsstat(1) is used,
372	the utilities will report errors.
373
37420141121:
375	The handling of LOCAL_LIB_DIRS has been altered to skip addition of
376	directories to top level SUBDIR variable when their parent
377	directory is included in LOCAL_DIRS.  Users with build systems with
378	such hierarchies and without SUBDIR entries in the parent
379	directory Makefiles should add them or add the directories to
380	LOCAL_DIRS.
381
38220141109:
383	faith(4) and faithd(8) have been removed from the base system. Faith
384	has been obsolete for a very long time.
385
38620141104:
387	vt(4), the new console driver, is enabled by default. It brings
388	support for Unicode and double-width characters, as well as
389	support for UEFI and integration with the KMS kernel video
390	drivers.
391
392	You may need to update your console settings in /etc/rc.conf,
393	most probably the keymap. During boot, /etc/rc.d/syscons will
394	indicate what you need to do.
395
396	vt(4) still has issues and lacks some features compared to
397	syscons(4). See the wiki for up-to-date information:
398	  https://wiki.freebsd.org/Newcons
399
400	If you want to keep using syscons(4), you can do so by adding
401	the following line to /boot/loader.conf:
402	  kern.vty=sc
403
40420141102:
405	pjdfstest has been integrated into kyua as an opt-in test suite.
406	Please see share/doc/pjdfstest/README for more details on how to
407	execute it.
408
40920141009:
410	gperf has been removed from the base system for architectures
411	that use clang. Ports that require gperf will obtain it from the
412	devel/gperf port.
413
41420140923:
415	pjdfstest has been moved from tools/regression/pjdfstest to
416	contrib/pjdfstest .
417
41820140922:
419	At svn r271982, The default linux compat kernel ABI has been adjusted
420	to 2.6.18 in support of the linux-c6 compat ports infrastructure
421	update.  If you wish to continue using the linux-f10 compat ports,
422	add compat.linux.osrelease=2.6.16 to your local sysctl.conf.  Users are
423	encouraged to update their linux-compat packages to linux-c6 during
424	their next update cycle.
425
42620140729:
427	The ofwfb driver, used to provide a graphics console on PowerPC when
428	using vt(4), no longer allows mmap() of all physical memory. This
429	will prevent Xorg on PowerPC with some ATI graphics cards from
430	initializing properly unless x11-servers/xorg-server is updated to
431	1.12.4_8 or newer.
432
43320140723:
434	The xdev targets have been converted to using TARGET and
435	TARGET_ARCH instead of XDEV and XDEV_ARCH.
436
43720140719:
438	The default unbound configuration has been modified to address
439	issues with reverse lookups on networks that use private
440	address ranges.  If you use the local_unbound service, run
441	"service local_unbound setup" as root to regenerate your
442	configuration, then "service local_unbound reload" to load the
443	new configuration.
444
44520140709:
446	The GNU texinfo and GNU info pages are not built and installed
447	anymore, WITH_INFO knob has been added to allow to built and install
448	them again.
449	UPDATE: see 20150102 entry on texinfo's removal
450
45120140708:
452	The GNU readline library is now an INTERNALLIB - that is, it is
453	statically linked into consumers (GDB and variants) in the base
454	system, and the shared library is no longer installed.  The
455	devel/readline port is available for third party software that
456	requires readline.
457
45820140702:
459	The Itanium architecture (ia64) has been removed from the list of
460	known architectures. This is the first step in the removal of the
461	architecture.
462
46320140701:
464	Commit r268115 has added NFSv4.1 server support, merged from
465	projects/nfsv4.1-server.  Since this includes changes to the
466	internal interfaces between the NFS related modules, a full
467	build of the kernel and modules will be necessary.
468	__FreeBSD_version has been bumped.
469
47020140629:
471	The WITHOUT_VT_SUPPORT kernel config knob has been renamed
472	WITHOUT_VT.  (The other _SUPPORT knobs have a consistent meaning
473	which differs from the behaviour controlled by this knob.)
474
47520140619:
476	Maximal length of the serial number in CTL was increased from 16 to
477	64 chars, that breaks ABI.  All CTL-related tools, such as ctladm
478	and ctld, need to be rebuilt to work with a new kernel.
479
48020140606:
481	The libatf-c and libatf-c++ major versions were downgraded to 0 and
482	1 respectively to match the upstream numbers.  They were out of
483	sync because, when they were originally added to FreeBSD, the
484	upstream versions were not respected.  These libraries are private
485	and not yet built by default, so renumbering them should be a
486	non-issue.  However, unclean source trees will yield broken test
487	programs once the operator executes "make delete-old-libs" after a
488	"make installworld".
489
490	Additionally, the atf-sh binary was made private by moving it into
491	/usr/libexec/.  Already-built shell test programs will keep the
492	path to the old binary so they will break after "make delete-old"
493	is run.
494
495	If you are using WITH_TESTS=yes (not the default), wipe the object
496	tree and rebuild from scratch to prevent spurious test failures.
497	This is only needed once: the misnumbered libraries and misplaced
498	binaries have been added to OptionalObsoleteFiles.inc so they will
499	be removed during a clean upgrade.
500
50120140512:
502	Clang and llvm have been upgraded to 3.4.1 release.
503
50420140508:
505	We bogusly installed src.opts.mk in /usr/share/mk. This file should
506	be removed to avoid issues in the future (and has been added to
507	ObsoleteFiles.inc).
508
50920140505:
510	/etc/src.conf now affects only builds of the FreeBSD src tree. In the
511	past, it affected all builds that used the bsd.*.mk files. The old
512	behavior was a bug, but people may have relied upon it. To get this
513	behavior back, you can .include /etc/src.conf from /etc/make.conf
514	(which is still global and isn't changed). This also changes the
515	behavior of incremental builds inside the tree of individual
516	directories. Set MAKESYSPATH to ".../share/mk" to do that.
517	Although this has survived make universe and some upgrade scenarios,
518	other upgrade scenarios may have broken. At least one form of
519	temporary breakage was fixed with MAKESYSPATH settings for buildworld
520	as well... In cases where MAKESYSPATH isn't working with this
521	setting, you'll need to set it to the full path to your tree.
522
523	One side effect of all this cleaning up is that bsd.compiler.mk
524	is no longer implicitly included by bsd.own.mk. If you wish to
525	use COMPILER_TYPE, you must now explicitly include bsd.compiler.mk
526	as well.
527
52820140430:
529	The lindev device has been removed since /dev/full has been made a
530	standard device.  __FreeBSD_version has been bumped.
531
53220140424:
533	The knob WITHOUT_VI was added to the base system, which controls
534	building ex(1), vi(1), etc. Older releases of FreeBSD required ex(1)
535	in order to reorder files share/termcap and didn't build ex(1) as a
536	build tool, so building/installing with WITH_VI is highly advised for
537	build hosts for older releases.
538
539	This issue has been fixed in stable/9 and stable/10 in r277022 and
540	r276991, respectively.
541
54220140418:
543	The YES_HESIOD knob has been removed. It has been obsolete for
544	a decade. Please move to using WITH_HESIOD instead or your builds
545	will silently lack HESIOD.
546
54720140405:
548	The uart(4) driver has been changed with respect to its handling
549	of the low-level console. Previously the uart(4) driver prevented
550	any process from changing the baudrate or the CLOCAL and HUPCL
551	control flags. By removing the restrictions, operators can make
552	changes to the serial console port without having to reboot.
553	However, when getty(8) is started on the serial device that is
554	associated with the low-level console, a misconfigured terminal
555	line in /etc/ttys will now have a real impact.
556	Before upgrading the kernel, make sure that /etc/ttys has the
557	serial console device configured as 3wire without baudrate to
558	preserve the previous behaviour. E.g:
559	    ttyu0  "/usr/libexec/getty 3wire"  vt100  on  secure
560
56120140306:
562	Support for libwrap (TCP wrappers) in rpcbind was disabled by default
563	to improve performance.  To re-enable it, if needed, run rpcbind
564	with command line option -W.
565
56620140226:
567	Switched back to the GPL dtc compiler due to updates in the upstream
568	dts files not being supported by the BSDL dtc compiler. You will need
569	to rebuild your kernel toolchain to pick up the new compiler. Core dumps
570	may result while building dtb files during a kernel build if you fail
571	to do so. Set WITHOUT_GPL_DTC if you require the BSDL compiler.
572
57320140216:
574	Clang and llvm have been upgraded to 3.4 release.
575
57620140216:
577	The nve(4) driver has been removed.  Please use the nfe(4) driver
578	for NVIDIA nForce MCP Ethernet adapters instead.
579
58020140212:
581	An ABI incompatibility crept into the libc++ 3.4 import in r261283.
582	This could cause certain C++ applications using shared libraries built
583	against the previous version of libc++ to crash.  The incompatibility
584	has now been fixed, but any C++ applications or shared libraries built
585	between r261283 and r261801 should be recompiled.
586
58720140204:
588	OpenSSH will now ignore errors caused by kernel lacking of Capsicum
589	capability mode support.  Please note that enabling the feature in
590	kernel is still highly recommended.
591
59220140131:
593	OpenSSH is now built with sandbox support, and will use sandbox as
594	the default privilege separation method.  This requires Capsicum
595	capability mode support in kernel.
596
59720140128:
598	The libelf and libdwarf libraries have been updated to newer
599	versions from upstream. Shared library version numbers for
600	these two libraries were bumped. Any ports or binaries
601	requiring these two libraries should be recompiled.
602	__FreeBSD_version is bumped to 1100006.
603
60420140110:
605	If a Makefile in a tests/ directory was auto-generating a Kyuafile
606	instead of providing an explicit one, this would prevent such
607	Makefile from providing its own Kyuafile in the future during
608	NO_CLEAN builds.  This has been fixed in the Makefiles but manual
609	intervention is needed to clean an objdir if you use NO_CLEAN:
610	  # find /usr/obj -name Kyuafile | xargs rm -f
611
61220131213:
613	The behavior of gss_pseudo_random() for the krb5 mechanism
614	has changed, for applications requesting a longer random string
615	than produced by the underlying enctype's pseudo-random() function.
616	In particular, the random string produced from a session key of
617	enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will
618	be different at the 17th octet and later, after this change.
619	The counter used in the PRF+ construction is now encoded as a
620	big-endian integer in accordance with RFC 4402.
621	__FreeBSD_version is bumped to 1100004.
622
62320131108:
624	The WITHOUT_ATF build knob has been removed and its functionality
625	has been subsumed into the more generic WITHOUT_TESTS.  If you were
626	using the former to disable the build of the ATF libraries, you
627	should change your settings to use the latter.
628
62920131025:
630	The default version of mtree is nmtree which is obtained from
631	NetBSD.  The output is generally the same, but may vary
632	slightly.  If you found you need identical output adding
633	"-F freebsd9" to the command line should do the trick.  For the
634	time being, the old mtree is available as fmtree.
635
63620131014:
637	libbsdyml has been renamed to libyaml and moved to /usr/lib/private.
638	This will break ports-mgmt/pkg. Rebuild the port, or upgrade to pkg
639	1.1.4_8 and verify bsdyml not linked in, before running "make
640	delete-old-libs":
641	  # make -C /usr/ports/ports-mgmt/pkg build deinstall install clean
642	  or
643	  # pkg install pkg; ldd /usr/local/sbin/pkg | grep bsdyml
644
64520131010:
646	The stable/10 branch has been created in subversion from head
647	revision r256279.
648
64920131010:
650	The rc.d/jail script has been updated to support jail(8)
651	configuration file.  The "jail_<jname>_*" rc.conf(5) variables
652	for per-jail configuration are automatically converted to
653	/var/run/jail.<jname>.conf before the jail(8) utility is invoked.
654	This is transparently backward compatible.  See below about some
655	incompatibilities and rc.conf(5) manual page for more details.
656
657	These variables are now deprecated in favor of jail(8) configuration
658	file.  One can use "rc.d/jail config <jname>" command to generate
659	a jail(8) configuration file in /var/run/jail.<jname>.conf without
660	running the jail(8) utility.   The default pathname of the
661	configuration file is /etc/jail.conf and can be specified by
662	using $jail_conf or $jail_<jname>_conf variables.
663
664	Please note that jail_devfs_ruleset accepts an integer at
665	this moment.  Please consider to rewrite the ruleset name
666	with an integer.
667
66820130930:
669	BIND has been removed from the base system.  If all you need
670	is a local resolver, simply enable and start the local_unbound
671	service instead.  Otherwise, several versions of BIND are
672	available in the ports tree.   The dns/bind99 port is one example.
673
674	With this change, nslookup(1) and dig(1) are no longer in the base
675	system.  Users should instead use host(1) and drill(1) which are
676	in the base system.  Alternatively, nslookup and dig can
677	be obtained by installing the dns/bind-tools port.
678
67920130916:
680	With the addition of unbound(8), a new unbound user is now
681	required during installworld.  "mergemaster -p" can be used to
682	add the user prior to installworld, as documented in the handbook.
683
68420130911:
685	OpenSSH is now built with DNSSEC support, and will by default
686	silently trust signed SSHFP records.  This can be controlled with
687	the VerifyHostKeyDNS client configuration setting.  DNSSEC support
688	can be disabled entirely with the WITHOUT_LDNS option in src.conf.
689
69020130906:
691	The GNU Compiler Collection and C++ standard library (libstdc++)
692	are no longer built by default on platforms where clang is the system
693	compiler.  You can enable them with the WITH_GCC and WITH_GNUCXX
694	options in src.conf.
695
69620130905:
697	The PROCDESC kernel option is now part of the GENERIC kernel
698	configuration and is required for the rwhod(8) to work.
699	If you are using custom kernel configuration, you should include
700	'options PROCDESC'.
701
70220130905:
703	The API and ABI related to the Capsicum framework was modified
704	in backward incompatible way. The userland libraries and programs
705	have to be recompiled to work with the new kernel. This includes the
706	following libraries and programs, but the whole buildworld is
707	advised: libc, libprocstat, dhclient, tcpdump, hastd, hastctl,
708	kdump, procstat, rwho, rwhod, uniq.
709
71020130903:
711	AES-NI intrinsic support has been added to gcc.  The AES-NI module
712	has been updated to use this support.  A new gcc is required to build
713	the aesni module on both i386 and amd64.
714
71520130821:
716	The PADLOCK_RNG and RDRAND_RNG kernel options are now devices.
717	Thus "device padlock_rng" and "device rdrand_rng" should be
718	used instead of "options PADLOCK_RNG" & "options RDRAND_RNG".
719
72020130813:
721	WITH_ICONV has been split into two feature sets.  WITH_ICONV now
722	enables just the iconv* functionality and is now on by default.
723	WITH_LIBICONV_COMPAT enables the libiconv api and link time
724	compatability.  Set WITHOUT_ICONV to build the old way.
725	If you have been using WITH_ICONV before, you will very likely
726	need to turn on WITH_LIBICONV_COMPAT.
727
72820130806:
729	INVARIANTS option now enables DEBUG for code with OpenSolaris and
730	Illumos origin, including ZFS.  If you have INVARIANTS in your
731	kernel configuration, then there is no need to set DEBUG or ZFS_DEBUG
732	explicitly.
733	DEBUG used to enable witness(9) tracking of OpenSolaris (mostly ZFS)
734	locks if WITNESS option was set.  Because that generated a lot of
735	witness(9) reports and all of them were believed to be false
736	positives, this is no longer done.  New option OPENSOLARIS_WITNESS
737	can be used to achieve the previous behavior.
738
73920130806:
740	Timer values in IPv6 data structures now use time_uptime instead
741	of time_second.  Although this is not a user-visible functional
742	change, userland utilities which directly use them---ndp(8),
743	rtadvd(8), and rtsold(8) in the base system---need to be updated
744	to r253970 or later.
745
74620130802:
747	find -delete can now delete the pathnames given as arguments,
748	instead of only files found below them or if the pathname did
749	not contain any slashes. Formerly, the following error message
750	would result:
751
752	find: -delete: <path>: relative path potentially not safe
753
754	Deleting the pathnames given as arguments can be prevented
755	without error messages using -mindepth 1 or by changing
756	directory and passing "." as argument to find. This works in the
757	old as well as the new version of find.
758
75920130726:
760	Behavior of devfs rules path matching has been changed.
761	Pattern is now always matched against fully qualified devfs
762	path and slash characters must be explicitly matched by
763	slashes in pattern (FNM_PATHNAME). Rulesets involving devfs
764	subdirectories must be reviewed.
765
76620130716:
767	The default ARM ABI has changed to the ARM EABI. The old ABI is
768	incompatible with the ARM EABI and all programs and modules will
769	need to be rebuilt to work with a new kernel.
770
771	To keep using the old ABI ensure the WITHOUT_ARM_EABI knob is set.
772
773	NOTE: Support for the old ABI will be removed in the future and
774	users are advised to upgrade.
775
77620130709:
777	pkg_install has been disconnected from the build if you really need it
778	you should add WITH_PKGTOOLS in your src.conf(5).
779
78020130709:
781	Most of network statistics structures were changed to be able
782	keep 64-bits counters. Thus all tools, that work with networking
783	statistics, must be rebuilt (netstat(1), bsnmpd(1), etc.)
784
78520130629:
786	Fix targets that run multiple make's to use && rather than ;
787	so that subsequent steps depend on success of previous.
788
789	NOTE: if building 'universe' with -j* on stable/8 or stable/9
790	it would be better to start the build using bmake, to avoid
791	overloading the machine.
792
79320130618:
794	Fix a bug that allowed a tracing process (e.g. gdb) to write
795	to a memory-mapped file in the traced process's address space
796	even if neither the traced process nor the tracing process had
797	write access to that file.
798
79920130615:
800	CVS has been removed from the base system.  An exact copy
801	of the code is available from the devel/cvs port.
802
80320130613:
804	Some people report the following error after the switch to bmake:
805
806		make: illegal option -- J
807		usage: make [-BPSXeiknpqrstv] [-C directory] [-D variable]
808			...
809		*** [buildworld] Error code 2
810
811	this likely due to an old instance of make in
812	${MAKEPATH} (${MAKEOBJDIRPREFIX}${.CURDIR}/make.${MACHINE})
813	which src/Makefile will use that blindly, if it exists, so if
814	you see the above error:
815
816		rm -rf `make -V MAKEPATH`
817
818	should resolve it.
819
82020130516:
821	Use bmake by default.
822	Whereas before one could choose to build with bmake via
823	-DWITH_BMAKE one must now use -DWITHOUT_BMAKE to use the old
824	make. The goal is to remove these knobs for 10-RELEASE.
825
826	It is worth noting that bmake (like gmake) treats the command
827	line as the unit of failure, rather than statements within the
828	command line.  Thus '(cd some/where && dosomething)' is safer
829	than 'cd some/where; dosomething'. The '()' allows consistent
830	behavior in parallel build.
831
83220130429:
833        Fix a bug that allows NFS clients to issue READDIR on files.
834
83520130426:
836	The WITHOUT_IDEA option has been removed because
837	the IDEA patent expired.
838
83920130426:
840	The sysctl which controls TRIM support under ZFS has been renamed
841	from vfs.zfs.trim_disable -> vfs.zfs.trim.enabled and has been
842	enabled by default.
843
84420130425:
845	The mergemaster command now uses the default MAKEOBJDIRPREFIX
846	rather than creating it's own in the temporary directory in
847	order allow access to bootstrapped versions of tools such as
848	install and mtree.  When upgrading from version of FreeBSD where
849	the install command does not support -l, you will need to
850	install a new mergemaster command if mergemaster -p is required.
851	This can be accomplished with the command (cd src/usr.sbin/mergemaster
852	&& make install).
853
85420130404:
855	Legacy ATA stack, disabled and replaced by new CAM-based one since
856	FreeBSD 9.0, completely removed from the sources.  Kernel modules
857	atadisk and atapi*, user-level tools atacontrol and burncd are
858	removed.  Kernel option `options ATA_CAM` is now permanently enabled
859	and removed.
860
86120130319:
862	SOCK_CLOEXEC and SOCK_NONBLOCK flags have been added to socket(2)
863	and socketpair(2). Software, in particular Kerberos, may
864	automatically detect and use these during building. The resulting
865	binaries will not work on older kernels.
866
86720130308:
868	CTL_DISABLE has also been added to the sparc64 GENERIC (for further
869	information, see the respective 20130304 entry).
870
87120130304:
872	Recent commits to callout(9) changed the size of struct callout,
873	so the KBI is probably heavily disturbed. Also, some functions
874	in callout(9)/sleep(9)/sleepqueue(9)/condvar(9) KPIs were replaced
875	by macros. Every kernel module using it won't load, so rebuild
876	is requested.
877
878	The ctl device has been re-enabled in GENERIC for i386 and amd64,
879	but does not initialize by default (because of the new CTL_DISABLE
880	option) to save memory.  To re-enable it, remove the CTL_DISABLE
881	option from the kernel config file or set kern.cam.ctl.disable=0
882	in /boot/loader.conf.
883
88420130301:
885	The ctl device has been disabled in GENERIC for i386 and amd64.
886	This was done due to the extra memory being allocated at system
887	initialisation time by the ctl driver which was only used if
888	a CAM target device was created.  This makes a FreeBSD system
889	unusable on 128MB or less of RAM.
890
89120130208:
892	A new compression method (lz4) has been merged to -HEAD.  Please
893	refer to zpool-features(7) for more information.
894
895	Please refer to the "ZFS notes" section of this file for information
896	on upgrading boot ZFS pools.
897
89820130129:
899	A BSD-licensed patch(1) variant has been added and is installed
900	as bsdpatch, being the GNU version the default patch.
901	To inverse the logic and use the BSD-licensed one as default,
902	while having the GNU version installed as gnupatch, rebuild
903	and install world with the WITH_BSD_PATCH knob set.
904
90520130121:
906	Due to the use of the new -l option to install(1) during build
907	and install, you must take care not to directly set the INSTALL
908	make variable in your /etc/make.conf, /etc/src.conf, or on the
909	command line.  If you wish to use the -C flag for all installs
910	you may be able to add INSTALL+=-C to /etc/make.conf or
911	/etc/src.conf.
912
91320130118:
914	The install(1) option -M has changed meaning and now takes an
915	argument that is a file or path to append logs to.  In the
916	unlikely event that -M was the last option on the command line
917	and the command line contained at least two files and a target
918	directory the first file will have logs appended to it.  The -M
919	option served little practical purpose in the last decade so its
920	use is expected to be extremely rare.
921
92220121223:
923	After switching to Clang as the default compiler some users of ZFS
924	on i386 systems started to experience stack overflow kernel panics.
925	Please consider using 'options KSTACK_PAGES=4' in such configurations.
926
92720121222:
928	GEOM_LABEL now mangles label names read from file system metadata.
929	Mangling affect labels containing spaces, non-printable characters,
930	'%' or '"'. Device names in /etc/fstab and other places may need to
931	be updated.
932
93320121217:
934	By default, only the 10 most recent kernel dumps will be saved.  To
935	restore the previous behaviour (no limit on the number of kernel dumps
936	stored in the dump directory) add the following line to /etc/rc.conf:
937
938		savecore_flags=""
939
94020121201:
941	With the addition of auditdistd(8), a new auditdistd user is now
942	required during installworld.  "mergemaster -p" can be used to
943	add the user prior to installworld, as documented in the handbook.
944
94520121117:
946	The sin6_scope_id member variable in struct sockaddr_in6 is now
947	filled by the kernel before passing the structure to the userland via
948	sysctl or routing socket.  This means the KAME-specific embedded scope
949	id in sin6_addr.s6_addr[2] is always cleared in userland application.
950	This behavior can be controlled by net.inet6.ip6.deembed_scopeid.
951	__FreeBSD_version is bumped to 1000025.
952
95320121105:
954	On i386 and amd64 systems WITH_CLANG_IS_CC is now the default.
955	This means that the world and kernel will be compiled with clang
956	and that clang will be installed as /usr/bin/cc, /usr/bin/c++,
957	and /usr/bin/cpp.  To disable this behavior and revert to building
958	with gcc, compile with WITHOUT_CLANG_IS_CC. Really old versions
959	of current may need to bootstrap WITHOUT_CLANG first if the clang
960	build fails (its compatibility window doesn't extend to the 9 stable
961	branch point).
962
96320121102:
964	The IPFIREWALL_FORWARD kernel option has been removed. Its
965	functionality now turned on by default.
966
96720121023:
968	The ZERO_COPY_SOCKET kernel option has been removed and
969	split into SOCKET_SEND_COW and SOCKET_RECV_PFLIP.
970	NB: SOCKET_SEND_COW uses the VM page based copy-on-write
971	mechanism which is not safe and may result in kernel crashes.
972	NB: The SOCKET_RECV_PFLIP mechanism is useless as no current
973	driver supports disposeable external page sized mbuf storage.
974	Proper replacements for both zero-copy mechanisms are under
975	consideration and will eventually lead to complete removal
976	of the two kernel options.
977
97820121023:
979	The IPv4 network stack has been converted to network byte
980	order. The following modules need to be recompiled together
981	with kernel: carp(4), divert(4), gif(4), siftr(4), gre(4),
982	pf(4), ipfw(4), ng_ipfw(4), stf(4).
983
98420121022:
985	Support for non-MPSAFE filesystems was removed from VFS. The
986	VFS_VERSION was bumped, all filesystem modules shall be
987	recompiled.
988
98920121018:
990	All the non-MPSAFE filesystems have been disconnected from
991	the build. The full list includes: codafs, hpfs, ntfs, nwfs,
992	portalfs, smbfs, xfs.
993
99420121016:
995	The interface cloning API and ABI has changed. The following
996	modules need to be recompiled together with kernel:
997	ipfw(4), pfsync(4), pflog(4), usb(4), wlan(4), stf(4),
998	vlan(4), disc(4), edsc(4), if_bridge(4), gif(4), tap(4),
999	faith(4), epair(4), enc(4), tun(4), if_lagg(4), gre(4).
1000
100120121015:
1002	The sdhci driver was split in two parts: sdhci (generic SD Host
1003	Controller logic) and sdhci_pci (actual hardware driver).
1004	No kernel config modifications are required, but if you
1005	load sdhc as a module you must switch to sdhci_pci instead.
1006
100720121014:
1008	Import the FUSE kernel and userland support into base system.
1009
101020121013:
1011	The GNU sort(1) program has been removed since the BSD-licensed
1012	sort(1) has been the default for quite some time and no serious
1013	problems have been reported.  The corresponding WITH_GNU_SORT
1014	knob has also gone.
1015
101620121006:
1017	The pfil(9) API/ABI for AF_INET family has been changed. Packet
1018	filtering modules: pf(4), ipfw(4), ipfilter(4) need to be recompiled
1019	with new kernel.
1020
102120121001:
1022	The net80211(4) ABI has been changed to allow for improved driver
1023	PS-POLL and power-save support.  All wireless drivers need to be
1024	recompiled to work with the new kernel.
1025
102620120913:
1027	The random(4) support for the VIA hardware random number
1028	generator (`PADLOCK') is no longer enabled unconditionally.
1029	Add the padlock_rng device in the custom kernel config if
1030	needed.  The GENERIC kernels on i386 and amd64 do include the
1031	device, so the change only affects the custom kernel
1032	configurations.
1033
103420120908:
1035	The pf(4) packet filter ABI has been changed. pfctl(8) and
1036	snmp_pf module need to be recompiled to work with new kernel.
1037
103820120828:
1039	A new ZFS feature flag "com.delphix:empty_bpobj" has been merged
1040	to -HEAD. Pools that have empty_bpobj in active state can not be
1041	imported read-write with ZFS implementations that do not support
1042	this feature. For more information read the zpool-features(5)
1043	manual page.
1044
104520120727:
1046	The sparc64 ZFS loader has been changed to no longer try to auto-
1047	detect ZFS providers based on diskN aliases but now requires these
1048	to be explicitly listed in the OFW boot-device environment variable.
1049
105020120712:
1051	The OpenSSL has been upgraded to 1.0.1c.  Any binaries requiring
1052	libcrypto.so.6 or libssl.so.6 must be recompiled.  Also, there are
1053	configuration changes.  Make sure to merge /etc/ssl/openssl.cnf.
1054
105520120712:
1056	The following sysctls and tunables have been renamed for consistency
1057	with other variables:
1058	  kern.cam.da.da_send_ordered   -> kern.cam.da.send_ordered
1059	  kern.cam.ada.ada_send_ordered -> kern.cam.ada.send_ordered
1060
106120120628:
1062	The sort utility has been replaced with BSD sort.  For now, GNU sort
1063	is also available as "gnusort" or the default can be set back to
1064	GNU sort by setting WITH_GNU_SORT.  In this case, BSD sort will be
1065	installed as "bsdsort".
1066
106720120611:
1068	A new version of ZFS (pool version 5000) has been merged to -HEAD.
1069	Starting with this version the old system of ZFS pool versioning
1070	is superseded by "feature flags". This concept enables forward
1071	compatibility against certain future changes in functionality of ZFS
1072	pools. The first read-only compatible "feature flag" for ZFS pools
1073	is named "com.delphix:async_destroy". For more information
1074	read the new zpool-features(5) manual page.
1075	Please refer to the "ZFS notes" section of this file for information
1076	on upgrading boot ZFS pools.
1077
107820120417:
1079	The malloc(3) implementation embedded in libc now uses sources imported
1080	as contrib/jemalloc.  The most disruptive API change is to
1081	/etc/malloc.conf.  If your system has an old-style /etc/malloc.conf,
1082	delete it prior to installworld, and optionally re-create it using the
1083	new format after rebooting.  See malloc.conf(5) for details
1084	(specifically the TUNING section and the "opt.*" entries in the MALLCTL
1085	NAMESPACE section).
1086
108720120328:
1088	Big-endian MIPS TARGET_ARCH values no longer end in "eb".  mips64eb
1089	is now spelled mips64.  mipsn32eb is now spelled mipsn32.  mipseb is
1090	now spelled mips.  This is to aid compatibility with third-party
1091	software that expects this naming scheme in uname(3).  Little-endian
1092	settings are unchanged. If you are updating a big-endian mips64 machine
1093	from before this change, you may need to set MACHINE_ARCH=mips64 in
1094	your environment before the new build system will recognize your machine.
1095
109620120306:
1097	Disable by default the option VFS_ALLOW_NONMPSAFE for all supported
1098	platforms.
1099
110020120229:
1101	Now unix domain sockets behave "as expected" on	nullfs(5). Previously
1102	nullfs(5) did not pass through all behaviours to the underlying layer,
1103	as a result if we bound to a socket on the lower layer we could connect
1104	only to the lower path; if we bound to the upper layer we could connect
1105	only to	the upper path. The new behavior is one can connect to both the
1106	lower and the upper paths regardless what layer path one binds to.
1107
110820120211:
1109	The getifaddrs upgrade path broken with 20111215 has been restored.
1110	If you have upgraded in between 20111215 and 20120209 you need to
1111	recompile libc again with your kernel.  You still need to recompile
1112	world to be able to configure CARP but this restriction already
1113	comes from 20111215.
1114
111520120114:
1116	The set_rcvar() function has been removed from /etc/rc.subr.  All
1117	base and ports rc.d scripts have been updated, so if you have a
1118	port installed with a script in /usr/local/etc/rc.d you can either
1119	hand-edit the rcvar= line, or reinstall the port.
1120
1121	An easy way to handle the mass-update of /etc/rc.d:
1122	rm /etc/rc.d/* && mergemaster -i
1123
112420120109:
1125	panic(9) now stops other CPUs in the SMP systems, disables interrupts
1126	on the current CPU and prevents other threads from running.
1127	This behavior can be reverted using the kern.stop_scheduler_on_panic
1128	tunable/sysctl.
1129	The new behavior can be incompatible with kern.sync_on_panic.
1130
113120111215:
1132	The carp(4) facility has been changed significantly. Configuration
1133	of the CARP protocol via ifconfig(8) has changed, as well as format
1134	of CARP events submitted to devd(8) has changed. See manual pages
1135	for more information. The arpbalance feature of carp(4) is currently
1136	not supported anymore.
1137
1138	Size of struct in_aliasreq, struct in6_aliasreq has changed. User
1139	utilities using SIOCAIFADDR, SIOCAIFADDR_IN6, e.g. ifconfig(8),
1140	need to be recompiled.
1141
114220111122:
1143	The acpi_wmi(4) status device /dev/wmistat has been renamed to
1144	/dev/wmistat0.
1145
114620111108:
1147	The option VFS_ALLOW_NONMPSAFE option has been added in order to
1148	explicitely support non-MPSAFE filesystems.
1149	It is on by default for all supported platform at this present
1150	time.
1151
115220111101:
1153	The broken amd(4) driver has been replaced with esp(4) in the amd64,
1154	i386 and pc98 GENERIC kernel configuration files.
1155
115620110930:
1157	sysinstall has been removed
1158
115920110923:
1160	The stable/9 branch created in subversion.  This corresponds to the
1161	RELENG_9 branch in CVS.
1162
1163COMMON ITEMS:
1164
1165	General Notes
1166	-------------
1167	Avoid using make -j when upgrading.  While generally safe, there are
1168	sometimes problems using -j to upgrade.  If your upgrade fails with
1169	-j, please try again without -j.  From time to time in the past there
1170	have been problems using -j with buildworld and/or installworld.  This
1171	is especially true when upgrading between "distant" versions (eg one
1172	that cross a major release boundary or several minor releases, or when
1173	several months have passed on the -current branch).
1174
1175	Sometimes, obscure build problems are the result of environment
1176	poisoning.  This can happen because the make utility reads its
1177	environment when searching for values for global variables.  To run
1178	your build attempts in an "environmental clean room", prefix all make
1179	commands with 'env -i '.  See the env(1) manual page for more details.
1180
1181	When upgrading from one major version to another it is generally best
1182	to upgrade to the latest code in the currently installed branch first,
1183	then do an upgrade to the new branch. This is the best-tested upgrade
1184	path, and has the highest probability of being successful.  Please try
1185	this approach before reporting problems with a major version upgrade.
1186
1187	When upgrading a live system, having a root shell around before
1188	installing anything can help undo problems. Not having a root shell
1189	around can lead to problems if pam has changed too much from your
1190	starting point to allow continued authentication after the upgrade.
1191
1192	This file should be read as a log of events. When a later event changes
1193	information of a prior event, the prior event should not be deleted.
1194	Instead, a pointer to the entry with the new information should be
1195	placed in the old entry. Readers of this file should also sanity check
1196	older entries before relying on them blindly. Authors of new entries
1197	should write them with this in mind.
1198
1199	ZFS notes
1200	---------
1201	When upgrading the boot ZFS pool to a new version, always follow
1202	these two steps:
1203
1204	1.) recompile and reinstall the ZFS boot loader and boot block
1205	(this is part of "make buildworld" and "make installworld")
1206
1207	2.) update the ZFS boot block on your boot drive
1208
1209	The following example updates the ZFS boot block on the first
1210	partition (freebsd-boot) of a GPT partitioned drive ada0:
1211	"gpart bootcode -p /boot/gptzfsboot -i 1 ada0"
1212
1213	Non-boot pools do not need these updates.
1214
1215	To build a kernel
1216	-----------------
1217	If you are updating from a prior version of FreeBSD (even one just
1218	a few days old), you should follow this procedure.  It is the most
1219	failsafe as it uses a /usr/obj tree with a fresh mini-buildworld,
1220
1221	make kernel-toolchain
1222	make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
1223	make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE
1224
1225	To test a kernel once
1226	---------------------
1227	If you just want to boot a kernel once (because you are not sure
1228	if it works, or if you want to boot a known bad kernel to provide
1229	debugging information) run
1230	make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel
1231	nextboot -k testkernel
1232
1233	To just build a kernel when you know that it won't mess you up
1234	--------------------------------------------------------------
1235	This assumes you are already running a CURRENT system.  Replace
1236	${arch} with the architecture of your machine (e.g. "i386",
1237	"arm", "amd64", "ia64", "pc98", "sparc64", "powerpc", "mips", etc).
1238
1239	cd src/sys/${arch}/conf
1240	config KERNEL_NAME_HERE
1241	cd ../compile/KERNEL_NAME_HERE
1242	make depend
1243	make
1244	make install
1245
1246	If this fails, go to the "To build a kernel" section.
1247
1248	To rebuild everything and install it on the current system.
1249	-----------------------------------------------------------
1250	# Note: sometimes if you are running current you gotta do more than
1251	# is listed here if you are upgrading from a really old current.
1252
1253	<make sure you have good level 0 dumps>
1254	make buildworld
1255	make kernel KERNCONF=YOUR_KERNEL_HERE
1256							[1]
1257	<reboot in single user>				[3]
1258	mergemaster -Fp					[5]
1259	make installworld
1260	mergemaster -Fi					[4]
1261	make delete-old					[6]
1262	<reboot>
1263
1264	To cross-install current onto a separate partition
1265	--------------------------------------------------
1266	# In this approach we use a separate partition to hold
1267	# current's root, 'usr', and 'var' directories.   A partition
1268	# holding "/", "/usr" and "/var" should be about 2GB in
1269	# size.
1270
1271	<make sure you have good level 0 dumps>
1272	<boot into -stable>
1273	make buildworld
1274	make buildkernel KERNCONF=YOUR_KERNEL_HERE
1275	<maybe newfs current's root partition>
1276	<mount current's root partition on directory ${CURRENT_ROOT}>
1277	make installworld DESTDIR=${CURRENT_ROOT} -DDB_FROM_SRC
1278	make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd
1279	make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT}
1280	cp /etc/fstab ${CURRENT_ROOT}/etc/fstab 		   # if newfs'd
1281	<edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition>
1282	<reboot into current>
1283	<do a "native" rebuild/install as described in the previous section>
1284	<maybe install compatibility libraries from ports/misc/compat*>
1285	<reboot>
1286
1287
1288	To upgrade in-place from stable to current
1289	----------------------------------------------
1290	<make sure you have good level 0 dumps>
1291	make buildworld					[9]
1292	make kernel KERNCONF=YOUR_KERNEL_HERE		[8]
1293							[1]
1294	<reboot in single user>				[3]
1295	mergemaster -Fp					[5]
1296	make installworld
1297	mergemaster -Fi					[4]
1298	make delete-old					[6]
1299	<reboot>
1300
1301	Make sure that you've read the UPDATING file to understand the
1302	tweaks to various things you need.  At this point in the life
1303	cycle of current, things change often and you are on your own
1304	to cope.  The defaults can also change, so please read ALL of
1305	the UPDATING entries.
1306
1307	Also, if you are tracking -current, you must be subscribed to
1308	freebsd-current@freebsd.org.  Make sure that before you update
1309	your sources that you have read and understood all the recent
1310	messages there.  If in doubt, please track -stable which has
1311	much fewer pitfalls.
1312
1313	[1] If you have third party modules, such as vmware, you
1314	should disable them at this point so they don't crash your
1315	system on reboot.
1316
1317	[3] From the bootblocks, boot -s, and then do
1318		fsck -p
1319		mount -u /
1320		mount -a
1321		cd src
1322		adjkerntz -i		# if CMOS is wall time
1323	Also, when doing a major release upgrade, it is required that
1324	you boot into single user mode to do the installworld.
1325
1326	[4] Note: This step is non-optional.  Failure to do this step
1327	can result in a significant reduction in the functionality of the
1328	system.  Attempting to do it by hand is not recommended and those
1329	that pursue this avenue should read this file carefully, as well
1330	as the archives of freebsd-current and freebsd-hackers mailing lists
1331	for potential gotchas.  The -U option is also useful to consider.
1332	See mergemaster(8) for more information.
1333
1334	[5] Usually this step is a noop.  However, from time to time
1335	you may need to do this if you get unknown user in the following
1336	step.  It never hurts to do it all the time.  You may need to
1337	install a new mergemaster (cd src/usr.sbin/mergemaster && make
1338	install) after the buildworld before this step if you last updated
1339	from current before 20130425 or from -stable before 20130430.
1340
1341	[6] This only deletes old files and directories. Old libraries
1342	can be deleted by "make delete-old-libs", but you have to make
1343	sure that no program is using those libraries anymore.
1344
1345	[8] In order to have a kernel that can run the 4.x binaries needed to
1346	do an installworld, you must include the COMPAT_FREEBSD4 option in
1347	your kernel.  Failure to do so may leave you with a system that is
1348	hard to boot to recover. A similar kernel option COMPAT_FREEBSD5 is
1349	required to run the 5.x binaries on more recent kernels.  And so on
1350	for COMPAT_FREEBSD6 and COMPAT_FREEBSD7.
1351
1352	Make sure that you merge any new devices from GENERIC since the
1353	last time you updated your kernel config file.
1354
1355	[9] When checking out sources, you must include the -P flag to have
1356	cvs prune empty directories.
1357
1358	If CPUTYPE is defined in your /etc/make.conf, make sure to use the
1359	"?=" instead of the "=" assignment operator, so that buildworld can
1360	override the CPUTYPE if it needs to.
1361
1362	MAKEOBJDIRPREFIX must be defined in an environment variable, and
1363	not on the command line, or in /etc/make.conf.  buildworld will
1364	warn if it is improperly defined.
1365FORMAT:
1366
1367This file contains a list, in reverse chronological order, of major
1368breakages in tracking -current.  It is not guaranteed to be a complete
1369list of such breakages, and only contains entries since September 23, 2011.
1370If you need to see UPDATING entries from before that date, you will need
1371to fetch an UPDATING file from an older FreeBSD release.
1372
1373Copyright information:
1374
1375Copyright 1998-2009 M. Warner Losh.  All Rights Reserved.
1376
1377Redistribution, publication, translation and use, with or without
1378modification, in full or in part, in any form or format of this
1379document are permitted without further permission from the author.
1380
1381THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR
1382IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
1383WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
1384DISCLAIMED.  IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT,
1385INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
1386(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
1387SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1388HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1389STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
1390IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
1391POSSIBILITY OF SUCH DAMAGE.
1392
1393Contact Warner Losh if you have any questions about your use of
1394this document.
1395
1396$FreeBSD$
1397