This file documents some of the problems you may encounter when upgrading your ports. We try our best to minimize these disruptions, but sometimes they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. 20170213: AFFECTS: users of www/node* AUTHOR: bradleythughes@fastmail.fm The BUNDLED_SSL option is now enabled by default on FreeBSD 10, since Node.js requires OpenSSL 1.0.2, and FreeBSD 10 is shipped with 1.0.1. 20170213: AFFECTS: users of graphics/libGL, graphics/libEGL, graphics/libglesv2 AUTHOR: kwm@FreeBSD.org The workaround for handling conflicting libraries between the nvidia-driver, libGL, libEGL and libglesv2 ports was removed. If the nvidia-driver port is updated before the other ports, it will remove the libraries of said ports. This is a side effect of how the workaround worked. If this happens reinstalling the affected port is enough. pkg users can run: pkg install -f libGL libEGL libglesv2 20170211: AFFECTS: users of x11-server/xorg-server AUTHOR: rezny@FreeBSD.org Xorg server has been updated to 1.18.4 and autodetection has changed. The order in which drivers are now attempted is: 1) vendor/model specific driver according to PCI IDs 2) generic modesetting driver which requires a drm driver with KMS 3) scfb, the generic framebuffer driver 4) vesa (only if arch is x86) This should minimize the need for xorg.conf files. It is recommended to load the correct KMS driver (i915kms.ko or radeonkms.ko) via rc.conf, i.e. kld_list="i915kms.ko", to ensure correct functionality. Although the vendor drivers may attempt to load the correct drm driver, which does not always work, the modesetting driver assumes the required KMS driver is already loaded and will fail if there is none. The modesetting driver is now recommended as an alternative to the Intel driver; the performance is comparable and stability is better with modesetting. The ATI driver continues to offer better performance than modesetting. 20170203: AFFECTS: users of security/libressl-devel AUTHOR: brnrd@FreeBSD.org The version 2.5.1 bumps the libcrypto, libssl and libtls shared library versions. You will have to rebuild all packages that depend on libressl-devel. Check the 20160811 libressl entry for more detailed guidance on rebuilding. 20170202: AFFECTS: users of www/uwsgi AUTHOR: feld@FreeBSD.org The previous disruptive changes to uwsgi for security have been remediated through creation of a dedicated uwsgi user/group and utilizing the uwsgi feature to set socket ownership. The uwsgi daemon by default now has the following properties: * Process runs as uwsgi user and group (UID/GID 165) * Socket mode is 660, still protecting unauthorized access from "other" * Socket ownership is www:www, restoring compatibility 20170130: AFFECTS: users of devel/ice, devel/py-ice, devel/php5-ice AUTHOR: grembo@FreeBSD.org Since __WORDSIZE as defined by always reports 32 when using C++98/03 (unless __STDC_LIMIT_MACROS is set explictly), Ice 3.6.3 used "long long" for Int64 instead of "long" on 64-bit platforms by mistake. A workaround has been added in version 3.6.3_2 of these three ports, requiring to upgrade all of them at the same time and to rebuild all custom code that links against them. 20170129: AFFECTS: users of multimedia/motion AUTHOR: jhale@FreeBSD.org Version 3.x expected the configuration files to reside in: ${LOCALBASE}/etc Version 4.x expects the configuration files to reside in: ${LOCALBASE}/etc/motion This was unfortunately overlooked when the port was updated to 4.x, but it has now been fixed to install the default configuration file in the new location. The rc script now checks for motion.conf in the new location. While you may be able to simply copy your old motion.conf to the new location, it is recommended to review ${LOCALBASE}/etc/motion/motion.conf and make changes to it based on your old ${LOCALBASE}/etc/motion.conf as some options have been added and removed. Further, if you use motion with multiple cameras and have ${LOCALBASE}/etc/thread[0-9].conf files, they should be moved to ${LOCALBASE}/etc/motion as well. These files are deprecated and should be renamed to camera[0-9].conf and in motion.conf, lines like: thread /usr/local/etc/thread1.conf Should be converted to: camera /usr/local/etc/motion/camera1.conf 20170127: AFFECTS: users of www/uwsgi AUTHOR: feld@FreeBSD.org The default socket mode for uwsgi as 777 is a severe security concern. This has been remediated by changing the rc script to default to 600. The mode is configurable with rc.conf values: uwsgi_socket_mode="600" or for a profile named "www", uwsgi_www_socket_mode="600". 20170121: AFFECTS: users of security/tinc AUTHOR: dinoex@FreeBSD.org this version of tinc requires all nodes in the VPN to be linked with a version of OpenSSL or LibreSSL that supports the AES256 and SHA256 algorithms. 20170120: AFFECTS: users of databases/mysql56-server AUTHOR: feld@FreeBSD.org databases/mysql56-server was updated to 5.6.35 which included backported rc script changes from the mysql57-server port. This broke mysql_optfile in rc.conf and also forced a sample my.cnf if none existed. MySQL has some parameters which cannot be changed after a database has been created, so this caused MySQL to fail to start. This change was reverted in mysql56-server-5.6.35_1 An additional change was made in mysql56-server-5.6.35_2 to prevent automatic loading of a sample my.cnf which was causing issues for users who were running without a my.cnf. 20170117: AFFECTS: users of EoL'ed FreeBSD versions (<10.3, 11 prior to 11.0) AUTHOR: amdmi3@FreeBSD.org The ports system will now refuse to build anything if it's run on outdated system version. This protects users from unexpected build failures after code to support EoL'ed systems is removed from the tree. You may define ALLOW_UNSUPPORTED_SYSTEM to override this and allow builds, but no support will be provided in case of failures. 20170116: AFFECTS: users of java/wildfly10 AUTHOR: olgeni@FreeBSD.org The java/wildfly10 port has been updated to 10.1.0. To complete the migration you must copy your existing configuration (directories "appclient", "standalone", and "domain") from /usr/local/wildfly-10.0.0 to /usr/local/wildfly10. 20170115: AFFECTS: users of net-mgmt/librenms AUTHOR: dvl@FreeBSD.org The following is recommended for /var/db/mysql/my.cnf NOTE: these are global settings. Please read this first: http://dev.mysql.com/doc/refman/5.7/en/sql-mode.html [mysqld] innodb_file_per_table=1 sql-mode="" 20170109: AFFECTS: users of lang/ruby22 AUTHOR: swills@FreeBSD.org The default ruby version has been updated from 2.2 to 2.3. If you compile your own ports you may keep 2.2 as the default version by adding the following lines to your /etc/make.conf file: # # Keep ruby 2.2 as default version # DEFAULT_VERSIONS+=ruby=2.2 If you wish to update to the new default version, you need to first stop any software that uses ruby. Then, you will need to follow these steps, depending upon how you manage your system. If you use pkgng, simply upgrade: # pkg upgrade If you use portmaster, install new ruby, then rebuild all ports that depend on ruby: # portmaster -o lang/ruby23 lang/ruby22 # portmaster -R -r ruby-2.3 If you use portupgrade, install new ruby, then rebuild all ports that depend on ruby: # pkg delete -f ruby portupgrade # make -C /usr/ports/ports-mgmt/portupgrade install clean # pkg set -o lang/ruby22:lang/ruby23 # portupgrade -x ruby-2.3.\* -fr lang/ruby23 20170102: AFFECTS: multimedia/ffmpeg AUTHOR: jbeich@FreeBSD.org OPTIMIZED_CFLAGS switched to only use vendor optimizations which means -ffast-math -fno-finite-math-only are no longer applied. If you did like the former behavior consider adding # multimedia/ffmpeg/Makefile.local OPTIMIZED_CFLAGS_CFLAGS += -ffast-math -fno-finite-math-only or # /etc/make.conf .if ${.CURDIR:M*/multimedia/ffmpeg} CFLAGS += -ffast-math -fno-finite-math-only .endif 20161230: AFFECTS: users of x11/xfce4-terminal AUTHOR: olivierd@FreeBSD.org The port has been updated to the latest stable version 0.8.2. Please, don't active the hidden 'MiscSlimTabs' option in ~/.config/xfce4/terminal/terminalrc, it requires Gtk+ > 3.20. 20161228: AFFECTS: users of multimedia/mlt AUTHOR: avilla@FreeBSD.org MLT Qt plugins have been moved to their own ports, mlt-qt4 and mlt-qt5. Please, uninstall multimedia/mlt before you update: # pkg delete mlt 20161227: AFFECTS: users of security/openvpn, security/openvpn-polarssl AUTHOR: Matthias Andree The OpenVPN ports have been updated to the new upstream release v2.4, and their predecessors preserved as openvpn23 and openvpn23-polarssl, respectively. Note that for the new v2.4 release, the openvpn-polarssl port has been renamed to openvpn-mbedtls to match the upstream library's new name. 20161218: AFFECTS: users of www/nghttp2 AUTHOR: sunpoet@FreeBSD.org nghttp2 has been split into 2 ports: www/libnghttp2 for core library and www/nghttp2 for the rest. Please uninstall nghttp2 before you update this port. 20161216: AFFECTS: mail/thunderbird, www/seamonkey AUTHOR: gecko@FreeBSD.org ENIGMAIL is no longer provided as part of the ports after upstream dropped binary components in 1.9. Go to Tools -> Add-ons Manager then type "enigmail" in the search box to install. 20161213: AFFECTS: users of devel/skalibs, lang/execline, sysutils/s6 AUTHOR: Colin Booth skalibs has undergone a major version bump and compatibility is not guaranteed for software with a runtime dependency on libskarnet.so.2.3.9.0. This will not affect lang/execline or sysutils/s6 as those are statically linked against libskarnet.a. execline has undergone a major version bump and compatibility is not guaranteed for software with a runtime dependency on libexecline.so.2.1.4.5. This will not affect sysutils/s6 as all s6 programs are statically linked against libexecline.a. s6 has undergone a major version bump and compatibility is not guaranteed for software with a runtime dependency on libs6.so.2.2.4.3. Additionally, s6-applyuidgid and s6-setuidgid have moved from $PREFIX/sbin to $PREFIX/bin. Any scripts calling those utilities that are not relying on $PATH resolution to find them will need to be rewritten. 20161207: AFFECTS: users of www/node AUTHOR: bradleythughes@fastmail.fm The www/node port has been updated to node.js v7.2.0, the latest upstream release. A new port, www/node6, has been created for the v6.x LTS branch. Users wanting to stay on v6.x can replace www/node with www/node6 with one of the following commands: # pkg set -o www/node:www/node6 or # portmaster -o www/node6 www/node or # portupgrade -o www/node6 www/node 20161202: AFFECTS: Users of textproc/p5-Search-Elasticsearch AUTHOR: tj@FreeBSD.org As of the 5.01 release of ths package, the client libraries for older versions of Elasticsearch have started to be shipped seperately. If you are using this library to access a none 5.X server you will need to install one of the textproc/p5-Search-Elasticsearch-Client-* ports. 20161126: AFFECTS: Users of security/gpgme-* AUTHOR: jhale@FreeBSD.org Gpgme has been updated to 1.8.0. With it comes the removal of libgpgme-pthread.so in favor of using libgpgme.so itself as the thread-safe library. Ports that may have linked to -lgpgme-pthread will now just link to -lgpgme. PORTREVISION has been bumped on all ports with a dependency on security/gpgme. The Python module provided by security/py-gpgme has been renamed from pyme3 to gpg, as well. Portmaster users: portmaster -r gpgme Portupgrade users: portupgrade -fr security/gpgme 20161121: AFFECTS: Users of graphics/tiff AUTHOR: antoine@FreeBSD.org The tiff port was updated to 4.0.7. The following tools are removed from this release: bmp2tiff, gif2tiff, ras2tiff, rgb2ycbcr and thumbnail. 20161116: AFFECTS: Users of sysutils/bareos-* AUTHOR: rand@iteris.com Bareos v1.6.x changed the configuration scheme, from one configuration file per Bareos component (file daemon, storage daemon, and director) to several configuration files, in several directories, for each component. See http://doc.bareos.org/master/html/bareos-manual-main-reference.html The new scheme will use all files named *.conf in the directory hierarchies for each component: /usr/local/etc/bareos/bareos-dir.d/ /usr/local/etc/bareos/bareos-fd.d/ /usr/local/etc/bareos/bareos-sd.d/ To retain the old configuration scheme of one file per component add appropriate lines such as these to your /etc/rc.conf: bareos_dir_config="/usr/local/etc/bareos/bareos-dir.conf" bareos_fd_config="/usr/local/etc/bareos/bareos-fd.conf" bareos_sd_config="/usr/local/etc/bareos/bareos-sd.conf" 20161113: AFFECTS: users of devel/libosinfo AUTHOR: novel@FreeBSD.org The libosinfo port was separated into three different ports to follow the upstream split: - sysutils/osinfo-db-tools: contains the CLI tools - misc/osinfo-db: contains database with OS data - devel/libosinfo: the library As osinfo-db-tools now ships binaries that previously were part of libosinfo, it's required to delete the old libosinfo package to prevent conflict because of same files installation: # pkg delete libosinfo And then install the new version. 20161112: AFFECTS: users of security/heimdal AUTHOR: hrs@FreeBSD.org Heimdal in the base system and security/heimdal <= 1.5.3_6 use Berkeley DB to store principals into /var/heimdal/heimdal.db and the database format is version 3 by default. On the other hand, security/heimdal 1.5.3_7 or newer use the newer version of Berkeley DB and the database format is version 9. These two versions are not compatible with each other. If there is a mismatch between Heimdal utilities and its database format, you will get an error like the following: # /usr/local/sbin/kadmin -l dump BDB0641 __db_meta_setup: /var/heimdal/heimdal.db: unexpected file type or format kadmin: hdb_open: opening /var/heimdal/heimdal: Invalid argument This mismatch can occur in the following three cases: 1. You used Heimdal in the base system and switch to use security/heimdal after creating /var/db/heimdal.db. 2. You used security/heimdal >= 1.5.3_7 and switch to use one in the base system. 3. You used security/heimdal < 1.5.3_7 and upgrade it to 1.5.3_7 or later. To fix this mismatch, you need to dump contents of heimdal.db and rebuild the database by using kadmin(8) utility. If you use Heimdal in the base system or older versions of security/heimdal, and plan to switch to use security/heimdal >= 1.5.3_7, execute the following command *after* creating a backup copy of /var/heimdal and installing security/heimdal: # /usr/bin/kadmin -l dump /var/heimdal/heimdal.db.dump # rm /var/heimdal/heimdal.db # /usr/local/sbin/kadmin -l load /var/heimdal/heimdal.db.dump # rm /var/heimdal/heimdal.db.dump The above example assumes security/heimdal is installed into /usr/local. If your base system is compiled with WITHOUT_KERBEROS use the following instead: # db_dump185-5 /var/heimdal/heimdal.db | db_load-5 /var/heimdal/heimdal.db.new # chown 0600 /var/heimdal/heimdal.db.new # mv /var/heimdal/heimdal.db.new /var/heimdal/heimdal.db db_dump and db_load utilitites are installed by database/db5 as dependency of security/heimdal. If you want to switch from security/heimdal to Heimdal in the base system, use the following: # /usr/local/sbin/kadmin -l dump /var/heimdal/heimdal.db.dump # rm /var/heimdal/heimdal.db # /usr/bin/kadmin -l load /var/heimdal/heimdal.db.dump # rm /var/heimdal/heimdal.db.dump 20161105: AFFECTS: users of security/heimdal AUTHOR: hrs@FreeBSD.org kadmin(8) in heimdal-1.5.3_5 and prior did not create a database in /var/heimdal in Berkeley DB format which kdc(8) required. This problem has been fixed in heimdal-1.5.3_6. 20161104: AFFECTS: users of mail/mu4e and mail/mu4e-maildirs AUTHOR: hrs@FreeBSD.org The package name of mail/mu4e* have been changed from mu4e* to mu4e*-emacsNN. When upgrading the older versions, this change can cause the following error which prevents it from upgrading: pkg-static: mu4e-emacs25-0.9.16 conflicts with mu4e-0.9.16 (installs files into the same place). If this error occurs, please remove the old packages by using "pkg delete" manually: # pkg delete mu4e-0.9.16 mu4e-maildirs-0.8.20160126_1 20161103: AFFECTS: users of lang/perl5* AUTHOR: mat@FreeBSD.org The default Perl version has been switched to Perl 5.24. If you are using binary packages to upgrade your system, you do not have anything to do, pkg upgrade will do the right thing. For the other people, assuming you are migrating from 5.20 to 5.24, do: First, add to /etc/make.conf: DEFAULT_VERSIONS+= perl5=5.24 Portupgrade users: portupgrade -o lang/perl5.24 -f lang/perl5.20 You can now remove the DEFAULT_VERSIONS line added earlier from /etc/make.conf Then you will need to rebuild everything that uses libperl.so, you can do so with: portupgrade -f `pkg shlib -qR libperl.so.5.20` Portmaster users: portmaster -o lang/perl5.24 lang/perl5.20 You can now remove the DEFAULT_VERSIONS line added earlier from /etc/make.conf Then you will need to rebuild everything that uses libperl.so, you can do so with: portmaster -f `pkg shlib -qR libperl.so.5.20` 20161102: AFFECTS: users of security/acme-client AUTHOR: brnrd@FreeBSD.org The default configuration paths have changed from 'letsencrypt' to 'acme'. Rename the directories used accordingly mv /usr/local/etc/letsencrypt /usr/local/etc/acme mv /usr/local/etc/ssl/letsencrypt /usr/local/etc/ssl/acme mv /usr/local/www/letsencrypt /usr/local/www/acme Check your scripts to ensure proper operation. 20161030: AFFECTS: users of mail/squirrelmail AUTHOR: adamw@FreeBSD.org For better php70 support, the squirrelmail port has switched from PEAR database access to PDO. If you are using squirrelmail with a database backend, you'll need to install a corresponding PDO database module, such as php56-pdo_sqlite. 20161030: AFFECTS: users of security/srm AUTHOR: rakuco@FreeBSD.org srm has been updated from 1.2.12 to 1.2.15. Since version 1.2.14, srm defaults to using its "simple" mode to overwrite files (one pass writing 0x00 to the files) instead of the 35-pass Gutmann method. 20161029: AFFECTS: users of irc/quassel AUTHOR: woodsb02@freebsd.org Quassel is now split into two ports / packages; one for providing the server backend (irc/quassel-core), and one for providing the client front-end (irc/quassel). Alternatively, the irc/quassel port can be built with the MONO option enabled to also install the client and server combined into a single monolithic binary. 20161028: AFFECTS: users of security/openssl and security/openssl-devel AUTHOR: brnrd@freebsd.org The shared library versions of OpenSSL have been bumped to avoid issues with ports' and base's OpenSSL not being binary compatible. Please rebuild all ports that depend on OpenSSL if you use OpenSSL from ports. If you use portmaster: portmaster -r openssl If you use portupgrade: portupgrade -fr security/openssl 20161026: AFFECTS: users of net-p2p/deluge AUTHOR: rm@FreeBSD.org Deluge port has been split out onto CLI part and GUI part. So if user only needs deluged, net-p2p/deluge-cli should be installed. For full deluge installation, including GTK+ GUI client, net-p2p/deluge should be installed as a usual. Old deluge package should be removed manually first: # pkg delete deluge After that install preferred deluge package as usual. 20161018: AFFECTS: users of x11/xfce4-terminal AUTHOR: olivierd@FreeBSD.org The port has been updated to the latest stable version 0.8.0. A warning appears each time we open new tab: Gtk-WARNING **: gtk_widget_size_allocate(): attempt to allocate widget with... This issue will disappear with Gtk > 3.21. 20161014: AFFECTS: users of lang/python3 AUTHOR: antoine@FreeBSD.org The default version of python3 has changed from 3.4 to 3.5. If you wish to stick with older version, add "python3=3.4" to your DEFAULT_VERSIONS variable in /etc/make.conf. To upgrade: If using portupgrade: # portupgrade -o lang/python35 lang/python34 If using portmaster: # portmaster -o lang/python35 lang/python34 20161011: AFFECTS: Users of net-im/ejabberd AUTHOR: ashish@FreeBSD.org Before upgrading ejabberd to 16.09, please make sure to backup your ejabberd data using: % sudo -u ejabberd -H ejabberdctl backup /path/to/backup/file In some cases, ejabberd may fail to start, for which a workaround is to remove the schema.DAT file from /var/spool/ejabberd before starting, and then restoring everything from the backup using: % sudo -u ejabberd -H ejabberdctl restore /path/to/backup/file For more details: https://github.com/processone/ejabberd/issues/1305 20161005: AFFECTS: Users of audio/squeezeboxserver (now audio/logitechmediaserver) AUTHOR: woodsb02@FreeBSD.org With the rename of the audio/squeezeboxserver port to audio/logitechmediaserver, the server and database are now installed in different locations by default (/usr/local/share/logitechmediaserver and /var/db/logitechmediaserver respectively). If you were an existing user of audio/squeezeboxserver, you should consider backing up you server configuration files and database before upgrading to audio/logitechmediaserver. If you wish to override the default locations for storing the server and database, you can set the SLIMDIR and SLIMDBDIR variables in your /etc/make.conf when building the audio/logitechmediaserver port. 20161004: AFFECTS: mail/roundcube-carddav AUTHOR: gahr@FreeBSD.org There is no upgrade path from the 1.0 version. You'll need to: 1. Log off from Roundcube. 2. Manually drop all carddav_* tables from your db backend. 3. Upgrade the mail/roundcube-carddav port. The new tables will be created upon login. The CardDAV plugin will need to be reconfigured. If you are running php < 7.0.0, you'll need to set the plugin option: $prefs['_GLOBAL']['suppress_version_warning'] = true; See https://github.com/blind-coder/rcmcarddav/issues/165 for details. 20160927: AFFECTS: emulators/ppsspp AUTHOR: jbeich@FreeBSD.org Qt* GUI was split into separate ports: emulators/ppsspp-qt4 emulators/ppsspp-qt5 20160927: AFFECTS: sysutils/android-file-transfer AUTHOR: jbeich@FreeBSD.org Qt* GUI was split into separate ports: sysutils/android-file-transfer-qt4 sysutils/android-file-transfer-qt5 20160922: AFFECTS: users of databases/pglogical, databases/pglogical-output AUTHOR: matthew@FreeBSD.org As of version 1.2.0, databases/pglogical-output has been merged into databases/pglogical. portmaster or portupgrade users should delete pglogical-output manually before upgrading. 20160921: AFFECTS: users of mail/sieve-connect AUTHOR: alexey@renatasystems.org Version 0.88 contains two breaking changes: 1. If the Sieve server does not offer STARTTLS, then connections should now fail. 2. When deriving a remote script name from the local filename, use the basename and strip off directories. For additional information see: http://mail.globnix.net/pipermail/sieve-connect-announce/2016/000012.html 20160919: AFFECTS: users of net/vtun AUTHOR: cy@FreeBSD.org The VTUN_EXTENDED_MODE option has been replaced by -e command line option. 20160914: AFFECTS: users of www/nginx-devel AUTHOR: osa@FreeBSD.org Nginx now creates logs under /var/log/nginx/ and changes default log names from "nginx-access.log" and "nginx-error.log" to "access.log" and "error.log" respectively. This is important for the error log because the location is encoded and touched by nginx during startup regardless of the configured location for the error log. See http://trac.nginx.org/nginx/ticket/147 for additional information on why this happens. 20160914: AFFECTS: users of deskutils/xfce4-volumed-pulse AUTHOR: olivierd@FreeBSD.org The port has been updated to the latest stable version 0.2.2. Support of xfce4-mixer has been removed, so you can delete its properties with the following command: xfconf-query -c xfce4-mixer -p / -rR 20160910: AFFECTS: users of security/letsencrypt.sh AUTHOR: riggs@FreeBSD.org The config filename has been changed upstream from "config.sh" to "config". Users must rename the current config file manually. In addition, the default WELLKNOWN location has been changed to %%PREFIX%%/www/letsencrypt. In order to use the previous default location, the config file must be updated manually as well. 20160907: AFFECTS: users of math/galculator AUTHOR: woodsb02@FreeBSD.org galculator now uses GTK3 by default. An option exists in the port to revert to GTK2 if desired. 20160906: AFFECTS: uses of www/nginx AUTHOR: marino@FreeBSD.org Nginx now creates logs under /var/log/nginx/ and changes default log names from "nginx-access.log" and "nginx-error.log" to "access.log" and "error.log" respectively. This is important for the error log because the location is encoded and touched by nginx during startup regardless of the configured location for the error log. See http://trac.nginx.org/nginx/ticket/147 for additional information on why this happens. 20160905: AFFECTS: users of databases/postgresql96-server AUTHOR: girgen@FreeBSD.org The default unix user used by the PostgreSQL daemon has changed to `postgres' to reflect the long time upstream's convention. Any scripts you have using the old `pgsql' unix user should be modified when upgrading to PostgreSQL version 9.6. Older versions of PostgreSQL will continue using `pgsql' until their end-of-life. For users with UTF-8 locales in the database: The ICU patch is *activated by default* for the PostgreSQL-9.6 server. For previous versions it was optional and default off, but this has changed. Please read the entry here below from 20160811 and understand the consequences of changing between ICU and system locale for database collation (short version: don't). pg_upgrade requires the collation method to be the same (or a reindex), while pg_dump/restore does not. Also, the default home directory for the postgres user is now /var/db/postgres, and the default data directory for PostgreSQL 9.6 is /var/db/postgres/data96. 20160829: AFFECTS: users of x11/nvidia-driver AUTHOR: cem@FreeBSD.org The NVidia driver has been updated to version 367.35. Starting with version 358.09, new kernel module was added, nvidia-modeset.ko. This new driver component works in conjunction with the nvidia.ko kernel module to program the display engine of the GPU. Users that experience hangs when starting X11 server, or observe (II) NVIDIA(0): Validated MetaModes: (II) NVIDIA(0): "NULL" messages in their /var/log/Xorg.0.log file should replace ``nvidia'' with ``nvidia-modeset'' in /boot/loader.conf or /etc/rc.conf files, depending on how they prefer to load NVidia driver kernel module. 20160829: AFFECTS: users of security/sshguard AUTHOR: feld@FreeBSD.org Sshguard has been updated to 1.7.0. There have been several changes to this release. Notably the hosts and ipfilter backends are no longer supported. If you need these backends to be supported and you missed the survey sent out by upstream I urge you to contact upstream. The hosts backend was previously served by security/sshguard directly. The additional backends were slave ports with package name suffixes. I have opted to keep the master/slave port relationship but not choose a specific backend for security/sshguard. Instead it is now a metaport which will prompt you for which backend you prefer. If no backend is configured it will depend on security/sshguard-ipfw, which is the native FreeBSD firewall. This my be surprising to users who depended on security/sshguard which only provided hosts/TCP Wrappers blocking, but there is no replacement at this time. I would also like to document that sshguard no longer accepts the -e argument which allowed external scripts to run when sshguard finds a match. As a result the null backend can no longer be used to create custom blocking functionality; it only serves as a detection backend. If the removed backends return due to user demand they will be added as slave ports for consistency. I apologize for any inconvenience and lack of notice on the deprecation of these features. 20160815: AFFECTS: users of mail/rspamd* AUTHOR: vsevolod@FreeBSD.org Rspamd users should update Rspamd to 1.3.3 version as soon as possible and ensure that '/usr/local/etc/rspamd/module.d/fuzzy_check.conf` has the line `algorithm = "mumhash";` for the "rspamd.com" rule. The more detailed information could be found on https://rspamd.com/announce/2016/08/15/rspamd-1.3.3.html 20160815: AFFECTS: users of dns/powerdns* AUTHOR: junovitch@FreeBSD.org PowerDNS Authoritative Server and Recursor 4.0.0+ introduce significant changes to the configuration files, which need to be handled before restarting the services. As from the Recursor changelog, "The Lua hook infrastructure was redone using LuaWrapper; old scripts will no longer work, but new scripts are easier to write under the new interface." 20160811: AFFECTS: users of security/libressl AUTHOR: brnrd@FreeBSD.org The port has been updated to the latest stable version 2.4 of LibreSSL. The shared library versions of the libraries have been bumped. With this update, the patch for the OPENSSL_VERSION_NUMBER has been removed. This causes issues with a number of ports. Patches for all ports for which this issues is known can be found on https://wiki.freebsd.org/LibreSSL/Ports#OPENSSL_VERSION_NUMBER After upgrading, manually update all packages that depend on any of the libraries provided by LibreSSL (libssl, libcrypto and libtls) since the versions of these libraries have changed. Normally, you can obtain the list of dependent software by running the following command: # pkg info -r libressl Then you should rebuild all ports depending on libressl to avoid dangling shared library dependencies. Poudriere and pkg handle this correctly, portmaster and portupgrade users can use the following to rebuild all dependent ports. Portmaster users: portmaster -r libressl Portupgrade users: portupgrade -fr security/libressl 20160811: AFFECTS: users of databases/postgresqlNN-server with ICU patch AUTHOR: girgen@FreeBSD.org The ICU patch is added to the PostgreSQL-9.5 server. Please note that you must never change between using the ICU patch and using system locale for the same database cluster without REINDEXing all TEXT/VARCHAR columns, or dump and restore your database. Failing to do so will result in corrupted indexes due to the differences between the locale definitions. ICU will always be the better choice for speed and correctness. Also, the ICU patch used to support other Unicode encodings than UTF-8, but that has been removed due to lack of demand and the complicated testing required. If you use another Unicode encoding and rely on ICU for collation, please refrain from upgrading the postgresql server and instead contact the author named above. 20160722: AFFECTS: users of emulators/virtualbox-ose AUTHOR: jkim@FreeBSD.org VirtualBox has been updated to 5.0.26 and it is incompatible with old kernel modules. You should upgrade emulators/virtualbox-ose-kmod and load new kernel modules before starting new version, e.g., # service vboxnet restart 20160722: AFFECTS: users of games/stonesoup-* AUTHOR: lifanov@mail.lifanov.com The WIZARD option has been renamed to NOWIZARD and is now an opt-out to better reflect the upstream. If you run a shared game server and would like the Wizard mode support disabled, please update port options. 20160718: AFFECTS: users of www/awstats AUTHOR: adamw@FreeBSD.org The directory containing icons has changed from ".../icons" to ".../icon". awstats has, in its suggested configuration file, contained an alias from /awstatsicons. After applying the awstats-7.5 update, you must update that alias to point to /usr/local/www/awstats/icon (just remove the "s" at the end). 20160708: AFFECTS: users of sysutils/screen AUTHOR: cy@FreeBSD.org GNU Screen was updated to version 4.4.0 (r417201). Note that there was fix to screen message structure field responsible for $TERM handling, making it impossible to attach to older versions. 20160704: AFFECTS: users of databases/mysql57-* AUTHOR: riggs@FreeBSD.org The default location for my.cnf has changed from "/var/db/mysql/my.cnf" to "/usr/local/etc/mysql/my.cnf". Existing my.cnf files must be merged manually with the new default and moved to the new location. To continue using the my.cnf file at the old location, set "mysql_optfile" in /etc/rc.conf to point to the location of the existing my.cnf file. 20160701: AFFECTS: users of www/node5 AUTHOR: bradleythughes@fastmail.fm Node.js v5.x has reached end of life and has been removed. Users that have not yet moved to v6.x should do so now by switching to the www/node port. 20160627: AFFECTS: users of sysutils/rsyslog7 AUTHOR: brd@FreeBSD.org Rsyslog 7.x has reached end of life status and is being marked as depreciated. Rsyslog 8 has been made the default. 20160626: AFFECTS: users of www/calendarserver AUTHOR: pi@FreeBSD.org Please note that updating from the previous version (5.1) to the current version (8.0) requires manual steps. Please consult the pkg-message for details. 20160624: AFFECTS: users of shells/zsh AUTHOR: adamw@FreeBSD.org zsh now looks for system-wide conf files in ${PREFIX}/etc, instead of /etc. If you have files like zshrc, zshenv, zprofile, zlogin, or zlogout in /etc, either move them to /usr/local/etc or rebuild zsh with the ETCDIR option on. Note that this change only affects system-wide conf files, which are not installed or created by a default installation. 20160621: AFFECTS: users of www/redmine AUTHOR: tz@FreeBSD.org Redmine was updated from 2.6.9 to 3.2.3. Since this an update over major versions be careful with your update. For further update instructions please have a look at: https://www.redmine.org/projects/redmine/wiki/RedmineUpgrade 20160621: AFFECTS: users of ftp/wget AUTHOR: vd@FreeBSD.org Wget 1.18 fixes a security vulnerability (CVE-2016-4971) and the fix introduces a backward-incompatibility for HTTP->FTP redirects. Any script that relies on the old behaviour must use --trust-server-names in order to trust the HTTP response and redirect to the new filename. 20160619: AFFECTS: users of databases/py-apsw AUTHOR: rm@FreeBSD.org SQLite 3.12 completely changed the semantics of VFS.xGetLastError() in an incompatible way. This required a rewrite of the relevant C, Python and test code. If you implement or use this method then you have to rewrite your code too. Also note that running the test suite from an earlier version of APSW against this or future SQLite versions will result in consuming all memory, swap or address space (an underlying integer changed meaning). 20160616: AFFECTS: users of security/openssl*, security/libressl* AUTHOR: mat@FreeBSD.org Previously, to tell the ports tree, you needed to set: WITH_OPENSSL_PORT=yes And if you wanted a port that was not security/openssl, you needed to add, for example: OPENSSL_PORT= security/libressl Now, all you need to do is: DEFAULT_VERSIONS+= ssl=libressl Valid values are base, openssl, openssl-devel, libressl, and libressl-devel. 20160614: AFFECTS: users of www/node, www/node5, and www/node4 AUTHOR: adamw@FreeBSD.org node now prefers a few libraries from ports to the versions bundled with node. However, node cannot use the libssl from LibreSSL. If you are using LibreSSL as your SSL provider, you must enable the "BUNDLED_SSL" option when building node. 20160611: AFFECTS: users of textproc/xmlroff AUTHOR: hrs@FreeBSD.org The library part of xmlroff has been separated into textproc/libfo. Remove the installed xmlroff first when upgrading it because older xmlroff than 0.6.2_6 have files which libfo installs. A typical error message is the following: pkg-static: libfo-0.6.2 conflicts with xmlroff-0.6.2_5 (installs files into the same place). Problematic file: /usr/local/include/libfo-0.6/libfo/area/fo-area.h 20160610: AFFECTS: users of databases/postgresql-repmgr AUTHOR: bofh@FreeBSD.org The port has been repocopied to databases/postgresql-repmgr2 and current post has been updated to 3.x series. If anyone is still looking forward to use the 2.x please upgrade as following. # portmaster -o databases/postgresql-repmgr2 databases/postgresql-repmgr or # portupgrade -o databases/postgresql-repmgr2 databases/postgresql-repmgr Otherwise if you want to move on with 3.x series just use # portmaster -r databases/postgresql-repmgr or # portupgrade -fr databases/postgresql-repmgr 20160605: AFFECTS: users of www/h2o AUTHOR: junovitch@FreeBSD.org File paths no longer have a trailing / appended to them. This enables directing specific paths to a file but may break existing configurations. Refer to https://h2o.examp1e.net/configure/file_directives.html and revise your yaml config appropriately. 20160601: AFFECTS: users of security/libressl-devel AUTHOR: brnrd@FreeBSD.org The port has been updated to the latest "unstable" version of LibreSSL. The shared library versions of the libraries have been bumped. With this update, the patch for the OPENSSL_VERSION_NUMBER has been removed. This causes issues with a number of ports. Patches for many of these issues can be found on https://wiki.freebsd.org/LibreSSL/Ports#OPENSSL_VERSION_NUMBER After upgrading to 2.4.0, manually update all packages that depend on any of the libraries provided by LibreSSL (libssl, libcrypto and libtls) since the versions of these libraries have changed. Normally, you can obtain the list of dependent software by running the following command: # pkg info -r libressl-devel Then you should rebuild all ports depending on libressl-devel to avoid dangling shared library dependencies. Poudriere and pkg handle this correctly, portmaster and portupgrade users can use the following to rebuild all dependent ports. Portmaster users: portmaster -r libressl-devel Portupgrade users: portupgrade -fr security/libressl-devel 20160527: AFFECTS: users of mail/opensmtpd-extras (any of them) AUTHOR: adamw@FreeBSD.org The invocation for extras has changed. Some extras might fail unless you pass all options/arguments separated by quotes: filter myfilter dnsbl "-c /var/chroot/dnsbl" "-h my.dnsbl.com" Additionally, extras now run in a chroot. Either pass "-C" to skip the chroot entirely (not recommended), or put all required config files, resolv.conf, and external binaries into the chroot. For example: # mkdir -p /var/chroot/dnsbl/etc # cp /etc/resolv.conf /var/chroot/dnsbl/etc And pass "-c /var/chroot/dnsbl" to the filter. 20160526: AFFECTS: users of mail/opensmtpd AUTHOR: brnrd@FreeBSD.org Due to changes to the rc-script you must stop smtpd prior to upgrading mail/opensmtpd to version 5.9.2 # service smtpd stop Then upgrade OpenSMTPD to version 5.9.2. Additionally version 5.9.2 changes the file mode bits for two directories. To allow existing installations to start successfully you must apply the following changes # chown -R root:_smtpq /var/spool/smtpd/offline # chmod -R 770 /var/spool/smtpd/offline # chmod -R 700 /var/spool/smtpd/purge After applying the changes, the smtpd daemon can successfully be started. 20160525: AFFECTS: users of devel/qtcreator AUTHOR: nolden@kde.org QBS (Qt Build System) was previously shipped as part of qtcreator, now it is independently available as devel/qbs. However, on upgrading qtcreator to 3.6.1, the depends will detect qbs through a previously installed qtcreator port and will not build/install correctly (devel/qbs won't be installed automatically as depends) The solution is to pkg remove qtcreator, then building works correctly. 20160523: AFFECTS: users of databases/db6 AUTHOR: mandree@FreeBSD.org The databases/db6 port has been updated to release 6.2.23. This requires manual action in two places: 1. dependent applications need to be recompiled, 2. SQL databases, if any, need to be reindexed. To obtain a list of ports needing a recompilation, the following command should provide it: # pkg info -r db6 Then rebuild db6 and the dependent ports. For pkg users, this should be transparent. Portmaster users: # portmaster -r databases/db6 Portupgrade users: # portupgrade -fr databases/db6 In order to reindex SQL databases, a db6-upgrade61.sh script is provided in ${PREFIX}/bin, if and only if the port's SQL option is enabled. For detailed reindexing instructions, see http://docs.oracle.com/cd/E17076_05/html/installation/sqlite_ver61.html and note that the FreeBSD port installs the upgrade61.sh script with a db6- prefix that you need to add. 20160511: AFFECTS: users of audio/clementine-player AUTHOR: sbruno@FreeBSD.org The audio/clementine-player port has been updated to v1.3.1, the latest upstream release. The music database code now has a hard dependency on databases/sqlite having the FTS3_TOKENIZER option enabled. This has been made the default option in databases/sqlite. Without this option, clementine-player will crash on startup. 20160510: AFFECTS: users of biology/seqan AUTHOR: junovitch@FreeBSD.org The biology/seqan port has been split into biology/seqan (only the library) and biology/seqan-apps for the programs based on SeqAn. Both ports are based on version 2.1.1 of the SeqAn repository. There is a new biology/seqan1 port with version 1.3 of SeqAn for backwards compatibility, but this port will likely be deprecated in the next year so please update your software to SeqAn2. 20160505: AFFECTS: users of www/node AUTHOR: bradleythughes@fastmail.fm The www/node port has been updated to node.js v6.0.0, the latest upstream release. Users of node.js v5.x are encouraged to upgrade as soon as possible, as upstream support will end two months from now. The www/node5 port has been created to aid users transition. Use one of the following commands to continue using node.js v5.x: # pkg install node5 or # portmaster -o www/node5 www/node or # portupgrade -o www/node5 www/node 20160503: AFFECTS: users of security/libressl AUTHOR: brnrd@FreeBSD.org LibreSSL 2.3 has removed SSLv3 support completely which leads to issues with a number of ports. Patches for many of these issues can be found on https://wiki.freebsd.org/OpenSSL/No-SSLv3 After upgrading to 2.3.4, manually update all packages that depend on any of the libraries provided by LibreSSL (libssl, libcrypto and libtls) since the versions of these libraries have changed. Normally, you can obtain the list of dependent software by running the following command: # pkg info -r libressl Then you should rebuild all ports depending on libressl to avoid dangling shared library dependencies. Poudriere and pkg handle this correctly, portmaster and portupgrade users can use the following to rebuild all dependent ports. Portmaster users: portmaster -r libressl Portupgrade users: portupgrade -fr security/libressl 20160501: AFFECTS: users of mail/dspam AUTHOR: junovitch@FreeBSD.org dspam has been modified to no longer run as root:mail by default. Existing configuration must be adjusted to reflect using a non-privileged port and the /var/run/dspam directory for PID and socket files. If you need dspam to run as root for your mail setup, you can use the SETUID config option to enable the old insecure behavior. 20160229: AFFECTS: users of www/nginx and www/nginx-devel AUTHOR: osa@FreeBSD.org The ${MODULESDIR}, default directory for dynamic modules, has been changed from ${ETCDIR}/modules to ${PREFIX}/libexec/${PORTNAME}. It's highly recommended to review existing configuration files of nginx, i.e. ${PREFIX}/etc/nginx/nginx.conf. 20160424: AFFECTS: users of net-mgmt/icinga2 AUTHOR: lme@FreeBSD.org The creation of Icinga2 directories and files in /var is now controlled by the /etc/rc.conf variable icinga2_mkvar. Earlier ports always created the /var entries, but could slow startup significantly when /var was a normal disk rather than a RAM disk. icinga2_mkvar defaults to "NO". 20160415: AFFECTS: users of audio/chromaprint AUTHOR: jhale@FreeBSD.org chromaprint has been updated to version 1.3.1 and includes a shared library bump. PORTREVISIONS have been bumped on affected ports. If you are using binary pkg, 'pkg upgrade' will do the right thing. Users of portmaster/portupgrade must rebuild all ports which depend on chromaprint. Portmaster users: portmaster -w -r chromaprint Portupgrade users: portupgrade -fr audio/chromaprint 20160414: AFFECTS: users of www/tt-rss AUTHOR: thierry@FreeBSD.org Tiny Tiny RSS can use a database running on a separate server. Previously, in this case, you had to set the option DBLOCAL; this option has been removed and replaced by a settable run-time flag: now you should set ttrssd_local_db="NO" in your /etc/rc.conf . 20160414: AFFECTS: users of graphics/kipi-plugin-googledrive and graphics/kipi-plugin-picasaweb AUTHOR: kde@FreeBSD.org DigiKam and its related ports have been updated to 4.14.0, the latest stable upstream release. The graphics/kipi-plugin-googledrive and graphics/kipi-plugin-picasaweb have both been merged into the new graphics/kipi-plugin-googleservices following a move done upstream. Those two ports must be removed, and graphics/kipi-plugin-googleservices should be used instead. 20160413: AFFECTS: users of www/node-devel AUTHOR: bradleythughes@fastmail.fm www/node-devel was outdated and has been removed. Upstream no longer releases a development version. You can use the www/node port to get node.js 5.x by running one of the following commands: # pkg install node or # portmaster -o www/node www/node-devel or # portupgrade -o www/node www/node-devel 20160413: AFFECTS: multimedia/x264 AUTHOR: jbeich@FreeBSD.org LSMASH replaced GPAC by default. If you use BATCH=y in /etc/make.conf and hit below error make sure to re-run "make config". ====> You cannot select multiple options from the MP4 radio *** Error code 1 20160412: AFFECTS: users of net/samba42 and net/samba/43 AUTHOR: timur@FreeBSD.org Samba 4.2.x and 4.3.x ports have been updated to address BadLock(http://badlock.org) vulnerability, as well as few other discovered. Please note that Samba 4.1.x and older versions are also affected by the issues fixed with this release but are not supported anymore. It is strongly recommend to upgrade to a recent version at your earliest convenience. The security updates include new smb.conf options and a number of stricter behaviours to prevent Man in the Middle attacks. Between these changes, compatibility with a large number of older software versions has been lost in the default configuration. For more information about the related behaviour changes and the security issues please visit: https://www.samba.org/samba/latest_news.html#4.4.2 https://www.samba.org/samba/history/samba-4.3.8.html https://www.samba.org/samba/history/samba-4.2.11.html 20160411: AFFECTS: users of databases/influxdb AUTHOR: cheffo@freebsd-bg.org To upgrade to InfluxDB 0.12, you must be on version 0.10 and all shards must be in TSM format (the default storage engine starting with InfluxDB 0.10). See the 0.10 documentation [1] for how to convert b1 and bz1 shards to TSM. If any b1 or bz1 shards are present, InfluxDB 0.12 will not start. Next, you need to update your metastore *before updating to 0.12.* [2] [1] https://docs.influxdata.com/influxdb/v0.10/administration/upgrading/#convert-b1-and-bz1-shards-to-tsm1 [2] https://docs.influxdata.com/influxdb/v0.12/administration/upgrading/ 20160406: AFFECTS: users of www/pecl-http AUTHOR: bofh@FreeBSD.org www/pecl-http has been updated to the latest 3.x stable release, which supports php70+ and a new port www/pecl-http2 has been created for the 2.x branch. Should users want to continue to use version 2.x, replace www/pecl-http with www/pecl-http2 as follows: Using packages: # pkg delete pecl-http # pkg install pecl-http2 Using ports: # portupgrade -o www/pecl-http2 www/pecl-http OR # portmaster -o www/pecl-http2 www/pecl-http 20160404: AFFECTS: users of lang/ruby21 AUTHOR: swills@FreeBSD.org The default ruby version has been updated from 2.1 to 2.2. If you compile your own ports you may keep 2.1 as the default version by adding the following lines to your /etc/make.conf file: # # Keep ruby 2.1 as default version # DEFAULT_VERSIONS+=ruby=2.1 If you wish to update to the new default version, you need to first stop any software that uses ruby. Then, you will need to follow these steps, depending upon how you manage your system. If you use pkgng, simply upgrade: # pkg upgrade If you use portmaster, install new ruby, then rebuild all ports that depend on ruby: # portmaster -o lang/ruby22 lang/ruby21 # portmaster -R -r ruby-2.2 If you use portupgrade, install new ruby, then rebuild all ports that depend on ruby: # pkg delete -f ruby portupgrade # make -C /usr/ports/ports-mgmt/portupgrade install clean # pkg set -o lang/ruby21:lang/ruby22 # portupgrade -x ruby-2.2.\* -fr lang/ruby22 20160404: AFFECTS: mail/spamassassin AUTHOR: adamw@FreeBSD.org Support for SSLv3 has been removed from SpamAssassin, because SSLv3 is a Bad Idea. No direct option is provided to re-enable it. If your setup requires use of SSLv3, some instructions are available in FreeBSD PR 208225. 20160331: AFFECTS: security/clamav-unofficial-sigs AUTHOR: lukasz@wasikowski.net, sf@maxempire.com This version of clamav-unofficial-sigs is eXtremeSHOK's fork. Configuration file location has changed from %PREFIX%/clamav-unofficial-sigs.conf to %PREFIX%/clamav-unofficial-sigs/ master.conf and os.conf hold default values, local changes should be placed in user.conf. 20160324: AFFECTS: print/ghostscript9-base AUTHOR: tijl@FreeBSD.org The default Ghostscript port has changed from print/ghostscript9-base, which is no longer developed, to print/ghostscript9-agpl-base. Package users will upgrade automatically. Ports users can stick with the old port by adding "DEFAULT_VERSIONS+=ghostscript=9" to /etc/make.conf, or move to the new port with: portmaster -o print/ghostscript9-agpl-base ghostscript9-base or: portupgrade -o print/ghostscript9-agpl-base print/ghostscript9-base And if you have ghostscript9-x11 installed: portmaster -o print/ghostscript9-agpl-x11 ghostscript9-x11 or: portupgrade -o print/ghostscript9-agpl-x11 print/ghostscript9-x11 Note that print/ghostscript9-agpl-base is licensed under the AGPLv3 while print/ghostscript9-base is licensed under the GPLv3. 20160317: AFFECTS: security/openvas-client AUTHOR: tijl@FreeBSD.org The OpenVAS ports have been updated from version 2 to version 8. All components have been renamed and rearranged. The old OpenVAS client no longer exists. Instead there is a web interface provided by security/greenbone-security-assistant or a command-line interface provided by security/openvas-cli. 20160311: AFFECTS: print/hplip AUTHOR: tijl@FreeBSD.org HPLIP has been updated to verion 3.16.2. As part of the update support for the hpijs/foomatic-rip filter has been dropped. This has long been unsupported upstream. If you used this filter with your printer you'll have to remove the printer with HP Device Manager and then add it back as a new device. 20160311: AFFECTS: print/cups-base, print/cups-client, print/cups-image AUTHOR: tijl@FreeBSD.org The cups-base, cups-client and cups-image packages have been combined into one cups package. If you build your own ports the easiest way to update is to delete these packages first and then build and install print/cups. If you are using binary packages, depending on the packages installed on your system, pkg(8)'s solver might get confused. In this case do not proceed with the upgrade but delete first the packages: pkg delete -fg "cups*" Then usual upgrade process: pkg upgrade The device URI of USB printers has changed so you have to adjust the printer configuration. Go to http://localhost:631/printers/. Click on your printer and select "Modify Printer" in the Administration drop-down. You should then be able to select the new URI of the printer. The web interface requires cookies and JavaScript to function properly so make sure your browser does not block them. The package also installs a devd(8) configuration file now that gives cups access to USB printers. Unless you have any special needs you can remove any devd(8), devfs.conf(5) or devfs.rules(5) configuration related to cups that you may have added in the past. 20160306: AFFECTS: net-mgmt/yaf AUTHOR: pi@FreeBSD.org YAF is updated to version 2.8.1 with many new OPTIONS. Please use the default options to get same behavior as previous version. 20160302: AFFECTS: audio/alsa-utils, www/firefox, www/firefox-esr, www/seamonkey AUTHOR: jbeich@FreeBSD.org ALSA backend in libcubeb as used by Firefox has an unresolved issue with the OSS patch in audio/alsa-plugins. To avoid excessive CPU usage when playing HTML5 videos rebuild the port with BUFSZ_P2 option enabled or reset options to default. However, with BUFSZ_P2 enabled alsa-utils may crash: $ aplay test.wav Playing WAVE 'test.wav' : Signed 16 bit Little Endian, Rate 48000 Hz, Stereo Assertion failed: (err >= 0), function set_params, file aplay.c, line 1289. Aborted by signal Abort trap... 20160229: AFFECTS: users of security/openssh-portable-devel AUTHOR: bdrewery@FreeBSD.org openssh-portable-devel has been removed since it is stale, insecure and not worth maintaining any longer. Users should switch back to openssh-portable. Using packages: # pkg delete openssh-portable-devel # pkg install openssh-portable Using ports: # portmaster -o security/openssh-portable openssh-portable-devel OR # portupgrade -o security/openssh-portable security/openssh-portable-devel 20160228: AFFECTS: users of mail/postfix AUTHOR: ohauer@FreeBSD.org Postfix has been updated to version 3.1, VDA and native SPF is no longer supported. - if VDA support is needed, users should stay on mail/postfix211 - SPF support can be added to postfix via one of the mail/*spf* ports The Dovecot SASL OPTION was removed, Dovecot SASL support is always given from now on. In addition, for each mail/postfix* port there is now a mail/postfix*-sasl slave port providing Cyrus SASL as default. To stay on postfix-2.11.x run the command: # pkg set -o mail/postfix:mail/postfix211 20160217: AFFECTS: users of www/nginx-devel AUTHOR: osa@FreeBSD.org Dynamic modules support has been enabled for the following third-party modules, in case of usage of these modules please update nginx configuration file for load these modules: load_module "modules/ngx_dynamic_upstream_module.so"; load_module "modules/ngx_http_small_light_module.so";