Copyright � 2016 The FreeBSD Documentation Project
FreeBSD is a registered trademark of the FreeBSD Foundation.
IBM, AIX, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.
IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.
Intel, Celeron, Centrino, Core, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
SPARC, SPARC64, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. SPARC International, Inc owns all of the SPARC trademarks and under licensing agreements allows the proper use of these trademarks by its members.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the “™” or the “�” symbol.
The release notes for FreeBSD 10.3-RELEASE contain a summary of the changes made to the FreeBSD base system on the 10.3-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
This document contains the release notes for FreeBSD 10.3-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.
The snapshot distribution to
which these release notes apply represents a point along the
10.3-STABLE development branch between 10.2-RELEASE and
the future 10.4-RELEASE. Information regarding pre-built,
binary snapshot distributions along this branch can be
found at https://www.FreeBSD.org/releases/.
All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with “late-breaking” information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 10.3-RELEASE can be found on the FreeBSD Web site.
This document describes the most user-visible new or changed features in FreeBSD since 10.2-RELEASE.
Typical release note items document recent security advisories issued after 10.2-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.
[amd64,i386] Binary upgrades between RELEASE versions
(and snapshots of the various security branches) are supported
using the freebsd-update(8) utility. The binary upgrade
procedure will update unmodified userland utilities, as well as
unmodified GENERIC kernel distributed as
a part of an official FreeBSD release. The freebsd-update(8)
utility requires that the host being upgraded have Internet
connectivity.
Source-based upgrades (those based on recompiling the FreeBSD
base system from source code) from previous versions are
supported, according to the instructions in
/usr/src/UPDATING.
Upgrading FreeBSD should only be attempted after backing up all data and configuration files.
This section lists the various Security Advisories and Errata Notices since 10.2-RELEASE.
| Advisory | Date | Topic |
|---|---|---|
| FreeBSD-SA-15:20.expat | 18�August�2015 | Fix multiple integer overflows in libbsdxml(3). |
| FreeBSD-SA-15:22.openssh | 25�August�2015 | Multiple vulnerabilities |
| FreeBSD-SA-15:24.rpcbind | 29�September�2015 | Remote denial of service |
| FreeBSD-SA-15:25.ntp | 26�October�2015 | Multiple vulnerabilities |
| FreeBSD-SA-15:26.openssl | 5�December�2015 | Multiple vulnerabilities |
| FreeBSD-SA-16:01.sctp | 14�January�2016 | ICMPv6 error message vulnerability |
| FreeBSD-SA-16:02.ntp | 14�January�2016 | Panic threshold bypass vulnerability |
| FreeBSD-SA-16:03.linux | 14�January�2016 | Incorrect |
| FreeBSD-SA-16:04.linux | 14�January�2016 | setgroups(2) system call vulnerability |
| FreeBSD-SA-16:05.tcp | 14�January�2016 | MD5 signature denial of service |
| FreeBSD-SA-16:06.bsnmpd | 14�January�2016 | Insecure default configuration file permissions |
| FreeBSD-SA-16:07.openssh | 14�January�2016 | OpenSSH client information leak |
| FreeBSD-SA-16:09.ntp | 27�January�2016 | Multiple vulnerabilities. |
| FreeBSD-SA-16:10.linux | 27�January�2016 | issetugid(2) system call vulnerability. |
| FreeBSD-SA-16:11.openssl | 30�January�2016 | SSLv2 cipher suite downgrade vulnerability. |
| Errata | Date | Topic |
|---|---|---|
| FreeBSD-EN-15:11.toolchain | 18�August�2015 | Fix make(1) syntax errors when upgrading from FreeBSD�9.x and earlier. |
| FreeBSD-EN-15:12.netstat | 18�August�2015 | Fix incorrect netstat(1) data handling on 32-bit systems. |
| FreeBSD-EN-15:13.vidcontrol | 18�August�2015 | Allow size argument to vidcontrol(1) for syscons(4). |
| FreeBSD-EN-15:15.pkg | 25�August�2015 | Insufficient check of supported pkg(7) signature methods. |
| FreeBSD-EN-15:16.pw | 16�September�2015 | Fix pw(8) regression when creating numeric users or groups. |
| FreeBSD-EN-15:17.libc | 16�September�2015 | Fix libc handling of signals for multi-threaded processes. |
| FreeBSD-EN-15:18.pkg | 16�September�2015 | Implement |
| FreeBSD-EN-15:19.kqueue | 4�November�2015 | kqueue(2) write events never fire for files larger than 2GB. |
| FreeBSD-EN-15:20.vm | 4�November�2015 | Applications exiting due to segmentation violation on a correct memory address. |
| FreeBSD-EN-16:01.filemon | 14�January�2016 | bmake and filemon(4) stability issues. |
| FreeBSD-EN-16:02.pf | 14�January�2016 | Invalid TCP checksum issue. |
| FreeBSD-EN-16:03.yplib | 14�January�2016 | YP/NIS library bug. |
This section covers changes and additions to userland applications, contributed software, and system utilities.
The
ar(1) utility now supports a -D flag to
prevent real mtime, uid, gid, and file mode values from being
inserted. This is called “deterministic mode”
and useful for making the resulting archives reproducible.
This behavior is enabled by default, and can be disabled by
specifying a -U flag. [r287326,288202]
(Sponsored by
The�FreeBSD�Foundation)
The camcontrol(8)
fwdownload subcommand has been improved.
Changes include better support of SATA drives, downloading
firmaware to IBM LTO drives, -q flag to
suppress information output, and opcodes
subcommand to issue the REPORT SUPPORTED
OPCODES service action of the SCSI
MAINTENANCE IN command. [r286965]
The cp(1) utility has been updated
to include a new flag, -s, which creates
a symbolic link to the specified source. [r291774]
A bug in the ctladm(8) utility which could return a non-zero value even if it succeeds has been fixed. [r285929]
A bug in the grdc(6) program which caused a wrong display in the 12-hour mode has been fixed. [r288185]
The ifconfig(8) utility now reports
SFP/SFP+ data when a -v flag is specified and
the NIC driver provides them. [r286810]
(Sponsored by
Yandex LLC)
Bugs in the inetd(8) daemon which
could cause a crash when an RPC entry is defined and an IPv6
address is specified in -a flag have been
fixed. [r288048]
The jail(8) utility has been
updated to include a new flag, -l, which
ensures a clean environment in the target jail when used.
Additionally, jail(8) will run a shell within the target
jail when run no commands are specified. [r286064]
The last(1) utility now supports
reboot as a pseudo-user name which prints
all system reboot entries (SHUTDOWN_TIME
and BOOT_TIME records). This was
accidentally removed as of FreeBSD 9.0. [r286952]
The mv(1) utility now returns
1 instead of 64
when more than two arguments are specified and
the target is not a valid directory. [r287027]
The mkimg(1) utility has been
updated to include support for NTFS
filesystems in both MBR and
GPT partitioning schemes. [r287122]
A bug in the mkimg(1) utility which prevented dynamic VHD format from working with QEMU has been fixed. [r287122]
A bug in the netstat(1) utility which showed the statistics in the number of packets divided by 1024, not 1000 has been fixed. [r287593]
The pciconf(8) utility has been
updated to use the PCI ID database from the misc/pciids package, if present,
falling back to the PCI ID database in the FreeBSD base
system. [r287746]
A new utility, sesutil(8), has been added, which is used to manage ses(4) devices. [r288710] (Sponsored by Gandi.net)
Support for a
-manage-gids flag has been added to
nfsuserd(8). This option can be enabled at boot time by
setting an rc.conf(5) variable
nfs_server_managegids to
YES. [r292231]
The pkill(1) utility now supports
jail(2) name in a -j option in addition to
jail(2) ID. [r287269]
userdel and
usermod subcommand of the pw(8) utility
now supports a -y flag. [r287084]
The resolver library has been updated to
reload /etc/resolv.conf if the
modification time has changed. [r292462]
(Sponsored by
Dell, Inc.)
The initial implementation of “reroot” support has been added to the reboot(8) utility, allowing the root filesystem to be mounted from a temporary source filesystem without requiring a full system reboot. [r293744] (Sponsored by The�FreeBSD�Foundation)
The timeout(1) utility has been added. This utility runs a command with a time limit and is compatible with GNU timeout. [r287392]
The watchdogd(8) daemon now supports
a -x
option to specify the timeout period in seconds to
leave in effect when the program exits. [r287080]exit_timeout
The ypinit(8) script now supports
eui64 NIS map file. [r287375]
A bug in libarchive(3) library which
could report an error when handling a sparse file entry
in a tar file has been fixed
by importing changeset bf4f6ec64e. [r286082]
Time zone database has been updated to
version 2015f. [r286751]
The file(1) utility has been updated to version 5.25. [r290152]
The xz(1) utility has been updated to version 5.2.2, which provides support for multi-threaded compression. [r292588]
The ntpd(8) utility has been updated to version 4.2.8p5. [r293650]
The unbound(8) utility has been updated to version 1.5.7. [r294190]
The less(1) utility has been updated to version v481. [r294286]
The
unbound-control-setup script has been
removed from the base system. [r295690]
The unbound(8) utility has been
updated to enable the insecure-lan-zones
option in preference of listing each AS112
zone individually. [r295691]
The OpenSSL suite has been updated to version 1.0.1s. [r296317]
The OpenSSH suite has been updated to version 7.2p2. [r296853]
The bsdinstall(8) utility has been updated to support ZFS installation on EFI-based systems. [r295264] (Sponsored by ScaleEngine, Inc.)
The rc.d/netwait
script has been updated to wait for network
interfaces that attach late in the boot process, such as some
USB network cards. [r294680]
Firewall rules set by
firewall_type="SIMPLE" now uses
ipfw(4) tables for addresses to be
blocked. [r287091]
The rc.d/netif
script now updates only static routes when an interface
is specified. [r287737]
This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.
The vt(4) terminal console driver now
supports ALT_BREAK_TO_DEBUGGER and
debug.kdb.alt_break_to_debugger sysctl
variable when kernel debugger support (options
KDB) is enabled. [r286742]
The vt(4) terminal console driver now
supports kern.vt.bell_enable sysctl variable
to enable or disable terminal bell. The default is
1 (enabled). [r287782]
A thread_create()
function has been added as an API to create userspace thread in
kernel space. [r286843]
The kqueue(2) system call has been updated to handle write events to files larger than 2 gigabytes. [r288167] (Sponsored by Multiplay)
This section covers changes and additions to devices and device drivers since 10.2-RELEASE.
[arm] The imxwdt
driver, which supports Freescale i.MX watchdog, has been
fixed. [r287079]
The puc(4) driver now supports MSI
interrupts and prefers it to the legacy interrupts. This
behavior can be disabled by setting
hw.puc.msi_disable loader tunable. [r287926]
A bug in the uart(4) driver which could cause a polarity reversal of PPS (Pulse Per Second) capture events has been fixed. The trailing edge of a positive PPS pulse and the leading edge of the next pulse were used as "assert" and "clear" event respectively. [r287037]
The uart(4) driver now supports
runtime configuration of PPS signal source captured by the
driver via dev.uart.pps_mode and
dev.uart.
sysctl variables. The values 0.pps_mode0,
1, and 2 correspond to
disabled, capturing pulses on the CTS line,
and capturing pulses on the DCD line, respectively.
The default value is 2. [r287037]
The uftdi(4) driver now supports
UFTDIIOC_READ_EEPROM,
UFTDIIOC_WRITE_EEPROM,
and UFTDIIOC_ERASE_EEPROM
ioctl(2) to
read/write serial EEPROM attached to the controller chip. [r287035]
Legacy ata(4) drivers such as
ataahci, ataadaptec,
and mv_sata have been removed in favor of
the new drivers such as ahci(4), siis(4), and
mvs(4). [r280451]
The CTL High Availability implementation has been rewritten. [r288732] (Sponsored by iXsystems)
The ctl(4) driver has been updated to support CD-ROM and removable devices. [r288810]
The isp(4) driver has been updated and improved: added support for 16Gbps FC cards, improved target mode support, completed Multi-ID (NPIV) functionality. (Sponsored by iXsystems)
This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document.
This section covers changes and additions to file systems and other storage subsystems, both local and networked.
This section covers the boot loader, boot menu, and other boot-related changes.
Initial terminal emulation support has
been added to loader.efi for
UEFI-based systems. [r294445]
Initial ZFS boot support has been added to the EFI implementation. [r294999] (Sponsored by Multiplay)
The UEFI loader has
been updated to support multiple ZFS boot
environments, such as those provided by sysutils/beadm. [r295475]
(Sponsored by
ScaleEngine, Inc.)
This section describes changes that affect networking in FreeBSD.
The epair(4) virtual
Ethernet interface and the lagg(4) pseudo interface now
support VIMAGE kernel. [r287594,287723]
A bug in the epair(4) virtual
Ethernet interface which could cause a panic when running
ifconfig(8) create and
destory quickly has been fixed. [r287594]
sysctl(3) variables in the
lagg(4) pseudo interface
net.link.lagg.
have been removed in favor of per-interface ifconfig(8)
flags and options. N.*ifconfig -v
command shows them. [r287723]
Bugs in the lagg(4) pseudo interface which could cause a system panic have been fixed. [r287723]
A bug in pf(4) packet filter which
could cause a rule with no log parameter to
log the matched packet has been fixed. [r286125]
(Sponsored by
Netgate)
A bug in FreeBSD IPv6 stack which did not
invoke an LLENTRY_DELETED event when an L2
address was deleted from the link-level address table for
IPv6. [r286316]
Obsolete APIs,
SIOCGDRLST_IN6 and
SIOCGPRLST_IN6 in FreeBSD IPv6 stack have been
removed. [r287733]
This file, and other release-related documents, can be downloaded from https://www.FreeBSD.org/releases/.
For questions about FreeBSD, read the documentation before contacting <[email protected]>.
All users of FreeBSD 10.3-STABLE should subscribe to the <[email protected]> mailing list.
For questions about this documentation, e-mail <[email protected]>.