Copyright © 2015 The FreeBSD Documentation Project
FreeBSD is a registered trademark of the FreeBSD Foundation.
IBM, AIX, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.
IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.
Intel, Celeron, Centrino, Core, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
SPARC, SPARC64, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. SPARC International, Inc owns all of the SPARC trademarks and under licensing agreements allows the proper use of these trademarks by its members.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the “™” or the “®” symbol.
The release notes for FreeBSD 10.2-RELEASE contain a summary of the changes made to the FreeBSD base system on the 10.2-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
This document contains the release notes for FreeBSD 10.2-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.
This distribution of FreeBSD 10.2-RELEASE is a release distribution. It can be found at https://www.FreeBSD.org/releases/ or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the “Obtaining FreeBSD” appendix to the FreeBSD Handbook.
All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with “late-breaking” information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 10.2-RELEASE can be found on the FreeBSD Web site.
This document describes the most user-visible new or changed features in FreeBSD since 10.1-RELEASE.
Typical release note items document recent security advisories issued after 10.1-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.
[amd64,i386] Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as the unmodified GENERIC kernel distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.
Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING.
Upgrading FreeBSD should only be attempted after backing up all data and configuration files.
This section lists the various Security Advisories and Errata Notices since 10.1-RELEASE.
Advisory | Date | Topic |
---|---|---|
FreeBSD-SA-14:27.stdio | 10 December 2014 | Buffer overflow in stdio |
FreeBSD-SA-14:28.file | 10 December 2014 | Multiple vulnerabilities in file(1) and libmagic(3) |
FreeBSD-SA-14:30.unbound | 17 December 2014 | Remote denial of service vulnerability |
FreeBSD-SA-14:31.ntp | 23 December 2014 | Multiple vulnerabilities in NTP suite |
FreeBSD-SA-15:01.openssl | 14 January 2015 | Multiple vulnerabilities in OpenSSL |
FreeBSD-SA-15:02.kmem | 27 January 2015 | SCTP kernel memory corruption and disclosure vulnerability |
FreeBSD-SA-15:03.sctp | 27 January 2015 | SCTP stream reset vulnerability |
FreeBSD-SA-15:04.igmp | 25 February 2015 | Integer overflow in IGMP protocol |
FreeBSD-SA-15:06.openssl | 19 March 2015 | Multiple vulnerabilities |
FreeBSD-SA-15:07.ntp | 7 April 2015 | Multiple vulnerabilities |
FreeBSD-SA-15:08.bsdinstall | 7 April 2015 | Insecure default GELI key file permissions |
FreeBSD-SA-15:09.ipv6 | 7 April 2015 | Router advertisement Denial of Service |
FreeBSD-SA-15:10.openssl | 16 June 2015 | Multiple vulnerabilities |
FreeBSD-SA-15:12.openssl | 9 July 2015 | OpenSSL alternate chains certificate forgery vulnerability (Note: This does not affect FreeBSD 10.1-RELEASE) |
FreeBSD-SA-15:13.tcp | 21 July 2015 | Resource exhaustion due to sessions stuck in |
FreeBSD-SA-15:14.bsdpatch | 28 July 2015 | Shell injection vulnerability |
FreeBSD-SA-15:15.tcp | 28 July 2015 | Resource exhaustion in TCP reassembly |
FreeBSD-SA-15:16.openssh | 28 July 2015 | Multiple vulnerabilities |
FreeBSD-SA-15:18.bsdpatch | 5 August 2015 | Shell injection vulnerability |
FreeBSD-SA-15:19.routed | 5 August 2015 | Remote denial of service vulnerability |
Errata | Date | Topic |
---|---|---|
FreeBSD-EN-14:13.freebsd-update | 23 December 2014 | Fixed directory deletion issue in freebsd-update(8) |
FreeBSD-EN-15:01.vt | 25 February 2015 | vt(4) crash with improper ioctl parameters |
FreeBSD-EN-15:02.openssl | 25 February 2015 | OpenSSL update |
FreeBSD-EN-15:03.freebsd-update | 25 February 2015 | freebsd-update(8) updates libraries in suboptimal order |
FreeBSD-EN-15:04.freebsd-update | 13 May 2015 | freebsd-update(8) does not ensure the previous upgrade has completed |
FreeBSD-EN-15:05.ufs | 13 May 2015 | Deadlock on reboot with UFS tuned with SU+J |
FreeBSD-EN-15:06.file | 9 June 2015 | Multiple denial of service issues |
FreeBSD-EN-15:07.zfs | 9 June 2015 | ZFS reliability improvements |
FreeBSD-EN-15:08.sendmail | 30 June 2015 (revised) | Sendmail TLS/DH interoperability improvement |
FreeBSD-EN-15:09.xlocale | 30 June 2015 | Fix inconsistency between locale and rune locale states |
FreeBSD-EN-15:10.iconv | 30 June 2015 | Improved iconv(3) UTF-7 support |
This section covers changes and additions to userland applications, contributed software, and system utilities.
The termcap(5) file is installed as-is from sources, instead of reordering, creating /etc/termcap.db by default, providing a performance improvement to applications that use the termcap(5) database, such as vi(1) and ncurses(3). [r276991]
A new utility, dpv(1), has been added to the base system, providing a dialog(1)-style progress view from one or more input streams. A corresponding library, dpv(3), has also been added. [r275040]
The elfdump(1) utility has been updated to support capability mode provided by capsicum(4). [r275945]
The fstyp(8) utility has been added, which is used to determine the filesystem on a specified device. [r277434] (Sponsored by The FreeBSD Foundation)
The mkimg(1) utility has been updated to support the MBR EFI partition type. [r278968] (Sponsored by The FreeBSD Foundation)
A regression in the libarchive(3) library that would prevent a directory from being included in the archive when --one-file-system is used has been fixed. [r281044]
The netstat(8) utility has been updated to include a new flag, -R, which is used to dump RSS/flow information. [r281161] (Sponsored by Limelight Networks)
The ar(1) utility has been updated to set ARCHIVE_EXTRACT_SECURE_SYMLINKS and ARCHIVE_EXTRACT_SECURE_NODOTDOT to disallow directory traversal when extracting an archive, similar to tar(1). [r281936] (Sponsored by The FreeBSD Foundation)
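The two checks those ar(1) flags stand for, written out as an added example (not ar(1) or libarchive source; the helper names and the scratch-directory scenario are constructed for illustration): a member name is refused if it contains a ".." component or if an existing component of its target path is a symbolic link.

```c
/* Added illustration, not ar(1) or libarchive source. Simplified forms of the
 * checks behind the two flags; helper names and the scenario are made up. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if any '/'-separated component of path is exactly "..", else 0. */
int has_dotdot_component(const char *path)
{
    while (*path != '\0') {
        size_t len = strcspn(path, "/");
        if (len == 2 && path[0] == '.' && path[1] == '.')
            return 1;
        path += len;
        while (*path == '/')
            path++;
    }
    return 0;
}

/* 1 if an existing component of destdir/relpath below destdir is a symlink,
 * 0 if none is, -1 on error. Uses lstat(2), so links are not followed. */
int traverses_symlink(const char *destdir, const char *relpath)
{
    char buf[PATH_MAX];
    struct stat st;
    int n = snprintf(buf, sizeof(buf), "%s/%s", destdir, relpath);
    if (n < 0 || (size_t)n >= sizeof(buf))
        return -1;
    for (size_t i = strlen(destdir) + 1; i <= (size_t)n; i++) {
        if (buf[i] != '/' && buf[i] != '\0')
            continue;
        char saved = buf[i];
        buf[i] = '\0';                        /* examine the prefix ending here */
        if (lstat(buf, &st) != 0)
            return errno == ENOENT ? 0 : -1;  /* ENOENT: nothing there yet */
        if (S_ISLNK(st.st_mode))
            return 1;
        buf[i] = saved;
    }
    return 0;
}

/* Extraction policy: accept a member name only if both checks pass. */
int member_path_is_safe(const char *destdir, const char *relpath)
{
    return !has_dotdot_component(relpath) &&
           traverses_symlink(destdir, relpath) == 0;
}

int main(void)
{
    /* Constructed scenario: one real subdirectory, one symlink leading out. */
    char dest[] = "/tmp/arsafeXXXXXX";
    const char *names[] = { "objs/a.o", "../a.o", "objs/../../a.o", "out/a.o" };
    if (mkdtemp(dest) == NULL || chdir(dest) != 0)
        return 1;
    if (mkdir("objs", 0700) != 0 || symlink("/tmp", "out") != 0)
        return 1;
    for (size_t i = 0; i < 4; i++)
        printf("%-16s %s\n", names[i],
               member_path_is_safe(".", names[i]) ? "extract" : "refuse");
    return 0;
}
```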
A race condition in wc(1) that would cause final results to be sent to stderr(4) when receiving the SIGINFO signal has been fixed. [r282278]
The freebsd-update(8) utility has been updated to prevent fetching updated binary patches when a previous upgrade has not been thoroughly completed. [r282870] (Sponsored by ScaleEngine, Inc.)
The uefisign(8) utility has been added. [r282974] (Sponsored by The FreeBSD Foundation)
The chflags(1), chgrp(1), chmod(1), and chown(8) utilities now affect symbolic links when the -R flag is specified, as documented in symlink(7). [r283875] (Sponsored by Multiplay)
The date(1) utility has been updated to print the modification time of the file passed as an argument to the -r flag, improving compatibility with the GNU date(1) utility behavior. [r283258]
The mkimg(1) utility has been updated to include a new flag, -c, which allows specifying the capacity of the target disk image. [r284523]
The pw(8) utility has been updated with a new flag, -R, that sets the root directory within which the utility will operate. [r285092]
The resolvconf(8) utility has been updated to version 3.7.0. [r282746] (Sponsored by The FreeBSD Foundation)
The nc(1) utility has been updated to the OpenBSD 5.7 version. [r283270]
Timezone data files have been updated to version 2015e. [r284398]
The acpi(4) subsystem has been updated to version 20150515. [r284460]
The file(1) utility has been updated to version 5.23. [r284778]
The unbound(8) utility has been updated to version 1.5.3. [r285206]
The sendmail utility has been updated to version 8.15.2. [r285305]
OpenSSL has been updated to version 1.0.1p. [r285330]
The ntp suite has been updated to version 4.2.8p3. [r285612]
The ssh(1) utility has been updated to re-implement hostname canonicalization before locating the host in known_hosts. [r285750] (Sponsored by Dell, Inc.)
The tar(1) utility has been updated to fix an issue that would prevent compressing sparse files. [r286084]
Support for detecting and implementing a workaround for various laptops and motherboards that do not boot properly from GPT-partitioned disks has been added to bsdinstall(8). Additionally, the active flag will be set on the partition when needed. [r285769] (Sponsored by ScaleEngine, Inc.)
Support for detecting and implementing aligning partitions on 1Mb boundaries has been added to bsdinstall(8). [r285721] (Sponsored by ScaleEngine, Inc.)
Support for selecting the partitioning scheme when installing on the UFS filesystem has been added to bsdinstall(8). [r285769] (Sponsored by ScaleEngine, Inc.)
A new rc(8) script, growfs, has been added, which will resize the root filesystem on boot if /firstboot exists. [r284009]
A new periodic(8) script, 510.status-world-kernel, has been added, which evaluates the running userland and kernel versions from the uname(1) -U and -K arguments, and prints an error if the system userland and kernel are not in sync. [r277520] (Sponsored by The FreeBSD Foundation)
A new file configuration library, figpar(3), has been added to the base system. [r275040]
The procctl(2) system call has been updated to include a facility for non-init(8) processes to be declared as the reaper of child processes and their descendants. [r276686] (Sponsored by The FreeBSD Foundation)
The setmode(3) function has been updated to consistently set errno on failure. [r280392]
This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.
A kernel panic triggered when destroying a vnet(9) jail(8) configured with gif(4) has been fixed. [r276068]
A kernel panic triggered when destroying a vnet(9) jail(8) configured with gre(4) has been fixed. [r284018]
The PAE_TABLES kernel configuration option has been added for FreeBSD/i386, which instructs pmap(9) to use PAE format for page tables while maintaining a 32-bit physical address size elsewhere in the kernel. The use of this option can enhance application-level security by enabling the creation of “no execute” mappings on modern i386 processors. Unlike the PAE option, PAE_TABLES preserves kernel binary interface (KBI) compatibility with non-PAE kernels, allowing non-PAE kernel modules and drivers to work with a PAE_TABLES-enabled kernel. Additionally, system limits are tuned for 4GB maximum RAM, avoiding kernel virtual address space (KVA) exhaustion. [r282065] (Sponsored by The FreeBSD Foundation)
The SIFTR kernel configuration has been added, allowing building siftr(4) statically into the kernel. [r282826]
[amd64,i386] The nvd(4) and nvme(4) drivers are now included in the GENERIC kernel configuration by default. [r283076] (Sponsored by Intel Corporation)
[arm] The arm boot loader, ubldr, is now relocatable. In addition, ubldr.bin is now created during build time, which is a stripped binary with an entry point of 0, providing the ability to specify the load address by running go ${loadaddr} in u-boot. [r283505]
[arm] A new module for creating rpi.dtb has been added for the Raspberry Pi. [r284094]
[arm] The rpi.dtb module is now installed to /boot/dtb/ by default for the Raspberry Pi system. [r284094]
[arm] A new module for creating the dtb module for AM335x systems has been added. [r284096]
A new kernel configuration option, EM_MULTIQUEUE, has been added which enables multi-queue support in the em(4) driver. [r284522] (Sponsored by Limelight Networks)
Multi-queue support in the em(4) driver is not officially supported by Intel®.
Throttling via ACPI and P4TCC via device.hints(5) have been turned off by default. [r276986]
The hwpmc(4) default and maximum callchain depths have been increased. The default has been increased from 16 to 32, and the maximum increased from 32 to 128. [r278982] (Sponsored by The FreeBSD Foundation)
The devfs(5) device filesystem has been changed to update timestamps for read/write operations using seconds precision. A new sysctl(8), vfs.devfs.dotimes, has been added, which when set to a non-zero value, enables default precision timestamps for these operations. [r281255] (Sponsored by iXsystems, The FreeBSD Foundation)
The kern.osrelease and kern.osreldate are now configurable jail(8) parameters. [r280632]
A new sysctl(8), kern.racct.enable, has been added, which when set to a non-zero value allows using rctl(8) with the GENERIC kernel. A new kernel configuration option, RACCT_DISABLED, has also been added. [r284665] (Sponsored by The FreeBSD Foundation)
The GENERIC kernel configuration now includes RACCT and RCTL by default. [r284665] (Sponsored by The FreeBSD Foundation)
To enable RACCT and RCTL on a system using the GENERIC kernel configuration, add kern.racct.enable=1 to loader.conf(5), and reboot the system.
This section covers changes and additions to devices and device drivers since 10.1-RELEASE.
The drm code has been updated to match Linux® version 3.8.13. [r282199]
The psm(4) driver has been updated to include improved support for newer Synaptics® touchpads and the ClickPad® mouse on newer Lenovo™ laptops. [r281708]
The mpr(4) driver has been updated to version 9.255.01.00-fbsd. [r283990]
The hpt27xx(4) driver has been updated to version 1.2.7. [r284879]
The hptnr(4) driver has been updated to version 1.1.4. [r284935]
The pf(4) interface default hash has been changed from Jenkins to Murmur3, providing a 3-percent performance increase in packets-per-second. [r274486]
The ral(4) driver has been updated to support the RT5390 and RT5392 chipsets. [r279157]
The gre(4) driver has been significantly overhauled, and has been split into two separate modules, gre(4) and me(4). [r284066] (Sponsored by Yandex LLC)
The vxlan(4) driver has been added, which creates a virtual Layer 2 (Ethernet) network overlaid in a Layer 3 (IP/UDP) network. The vxlan(4) driver is analogous to vlan(4), but is designed to be better suited for large, multiple-tenant datacenter environments. [r284365]
The cdce(4) driver has been updated to include support for the RTL8153 chipset. [r284499]
The sfxge(4) driver has been updated to support Solarflare Flareon Ultra 7000-series chipsets. [r284555] (Sponsored by Solarflare Communications, Inc.)
This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document.
The uart(4) driver has been updated to include support for the AMT serial interface found on the Lenovo® ThinkPad™ T61. [r278407]
The uart(4) driver has been updated to include support for the AMT serial interface found on the Lenovo® ThinkPad™ T400. [r279924]
The snd_hda(4) driver has been updated to support the Lenovo® ThinkPad™ X1 20BS model. [r281963]
The virtio_console(4) driver has been added, which provides an interface to VirtIO console devices through a tty(4) device. [r275273]
The bhyve(8) hypervisor has been updated to support AMD® processors with SVM and AMD-V hardware extensions. [r276403]
The bhyve(8) hypervisor has been updated to support DSM TRIM commands for virtual AHCI disks. [r280370]
The Hyper-V™ drivers have been updated with several enhancements: [r283280] (Sponsored by Microsoft Open Source Technology Center)
The hv_vmbus(4) driver now has multi-channel support.
The hv_storvsc(4) driver now has scatter/gather support, in addition to performance improvements.
The hv_kvp(4) driver has received several bug fixes.
The hv_netvsc(4) driver has been updated to support checksum offloading and TSO. [r285236] (Sponsored by Microsoft Open Source Technology Center)
Support to turn off the BeagleBone Black system with the shutdown(8) -p flag or by invoking poweroff(8) has been added. [r278079]
Support for the Exynos 5420 Octa system has been added. [r278599]
The SMP option has been enabled for all Exynos 5 systems supported by FreeBSD. [r278599]
The bcm2835_cpufreq driver has been added, which supports CPU frequency and voltage control on the Raspberry Pi SOC. [r278608]
Support for the Toradex Apalis i.MX6 development board has been added. [r283500]
Audio transmission drivers have been added for Digital Audio Multiplexer (AUDMUXM), Smart Direct Memory Access Controller (SDMA), and Synchronous Serial Interface (SSI). [r283500]
This section covers changes and additions to file systems and other storage subsystems, both local and networked.
The ctl(4) LUN mapping has been rewritten, replacing iSCSI-specific mapping mechanisms with a new mechanism that works for any port. [r279002] (Sponsored by iXsystems)
The ctld(8) utility has been updated to allow controlling non-iSCSI ctl(4) ports. [r279055] (Sponsored by iXsystems)
The autofs(5) subsystem has been updated to include a new auto_master(5) map, -media, which allows automatically mounting removable media, such as CD drives or USB flash drives. [r283223] (Sponsored by The FreeBSD Foundation)
The autofs(5) subsystem has been updated to include a new auto_master(5) map, -noauto, which handles fstab(5) entries set to noauto. [r283242] (Sponsored by The FreeBSD Foundation)
The ctld(8) utility has been updated to include support for registering iSCSI targets and portals on iSNS servers. This provides a mechanism which allows iSCSI initiators to find targets and portals without requiring active discovery. [r274939] (Sponsored by iXsystems)
The mount_nfs(8) utility has been updated to include support for the timeo, actimeo, noac, and proto options. [r275249] (Sponsored by The FreeBSD Foundation)
A new tunable, vfs.zfs.spa_slop_shift, has been added, which controls how much space is reserved by default. [r275490]
The arc_meta_limit statistics are now visible through the kstat sysctl(8). As a result of this change, the vfs.zfs.arc_meta_used sysctl(8) has been removed, and replaced with the kstat.zfs.misc.arcstats.arc_meta_used sysctl(8). [r277583]
This section covers the boot loader, boot menu, and other boot-related changes.
Support for bzipfs has been added to the EFI loader. [r281323]
The boot loader has been updated to support entering the GELI passphrase before loading the kernel. To enable this behavior, add geom_eli_passphrase_prompt="YES" to loader.conf(5). [r281843]
The memory test run at boot time on FreeBSD/amd64 platforms has been disabled by default. [r283262] (Sponsored by The FreeBSD Foundation)
A new ttys(5) class, 3wire, has been added. This is similar to the existing terminal classes, but does not have a defined baudrate. [r283972]
[arm] The ttys(5) file for FreeBSD/arm has been updated to enable ttyu1, ttyu2, and ttyu3 by default, if the callin port is an active console port. [r284775] (Sponsored by The FreeBSD Foundation)
This section describes changes that affect networking in FreeBSD.
Support for PLPMTUD blackhole detection (RFC 4821) has been added to the tcp(4) stack, disabled by default. New control tunables have been added: [r273838] (Sponsored by Limelight Networks)
Tunable | Description |
---|---|
net.inet.tcp.pmtud_blackhole_detection | Enables or disables PLPMTUD blackhole detection |
net.inet.tcp.pmtud_blackhole_mss | MSS to try for IPv4 |
net.inet.tcp.v6pmtud_blackhole_mss | MSS to try for IPv6 |
New monitoring sysctl(8)s have been added:
Tunable | Description |
---|---|
net.inet.tcp.pmtud_blackhole_activated | Number of times the code was activated to attempt downshifting the MSS |
net.inet.tcp.pmtud_blackhole_min_activated | Number of times the blackhole MSS was used in an attempt to downshift |
net.inet.tcp.pmtud_blackhole_failed | Number of times that the blackhole failed to connect after downshifting the MSS |
This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools.
The ports-mgmt/pkg package has been updated to version 1.5.4 in the quarterly branch, and version 1.5.5 in the head branch.
The x11-servers/xorg-server package for FreeBSD 10.2-RELEASE has been updated to version 1.14.7_5.
The x11/xorg package for FreeBSD 10.2-RELEASE has been updated to version 7.7_2.
The x11/gnome3 package for FreeBSD 10.2-RELEASE has been updated to version 3.14.2.
The x11/kde4 package for FreeBSD 10.2-RELEASE has been updated to version 4.14.3.
This section covers changes that are specific to the FreeBSD Release Engineering processes.
The Release Engineering build tools have been updated to support building FreeBSD/arm images without external utilities for supported boards where a corresponding u-boot port exists in the Ports Collection. [r283161] (Sponsored by The FreeBSD Foundation)
The FreeBSD/i386 memory stick installation images are now created using the mkimg(1) utility, matching the way the FreeBSD/amd64 images are created. [r283548] (Sponsored by The FreeBSD Foundation)
The default pkg(8) repository set in /etc/pkg/FreeBSD.conf now defaults to the quarterly package set. To use the latest branch (as was the previous default), the comment at the top of /etc/pkg/FreeBSD.conf explains how to disable the default repository and specify an alternative repository. [r285830] (Sponsored by The FreeBSD Foundation)
This file, and other release-related documents, can be downloaded from https://www.FreeBSD.org/releases/.
For questions about FreeBSD, read the documentation before contacting <[email protected]>.
All users of FreeBSD 10.2-STABLE should subscribe to the <[email protected]> mailing list.
For questions about this documentation, e-mail <[email protected]>.