FreeBSD 11.2-RELEASE Release Notes

The FreeBSD Project

FreeBSD is a registered trademark of the FreeBSD Foundation.

IBM, AIX, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.

IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.

Intel, Celeron, Centrino, Core, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

SPARC, SPARC64, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. SPARC International, Inc owns all of the SPARC trademarks and under licensing agreements allows the proper use of these trademarks by its members.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the or the symbol.

Last modified on 2018-06-21 14:13:05 EDT by gjb.
Abstract

The release notes for FreeBSD 11.2-RELEASE contain a summary of the changes made to the FreeBSD base system on the 11.2-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.


Table of Contents
1. Introduction
2. Upgrading from Previous Releases of FreeBSD
3. Security and Errata
3.1. Security Advisories
3.2. Errata Notices
4. Userland
4.1. Userland Application Changes
4.2. Contributed Software
4.3. Installation and Configuration Tools
5. Kernel
5.1. General Kernel Changes
5.2. Kernel Bug Fixes
5.3. Kernel Configuration
5.4. System Tuning and Controls
6. Devices and Drivers
6.1. Device Drivers
7. Hardware Support
7.1. Virtualization Support
8. Storage
8.1. geom(4)
9. Boot Loader Changes
9.1. Boot Loader Changes
10. Networking
10.1. General Network Changes
11. Ports Collection and Package Infrastructure
11.1. Packaging Changes
12. Release Engineering and Integration
12.1. Integration Changes

1.�Introduction

This document contains the release notes for FreeBSD 11.2-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.

This distribution of FreeBSD 11.2-RELEASE is a release distribution. It can be found at https://www.FreeBSD.org/releases/ or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the Obtaining FreeBSD appendix to the FreeBSD Handbook.

All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 11.2-RELEASE can be found on the FreeBSD Web site.

This document describes the most user-visible new or changed features in FreeBSD since 11.1-RELEASE. In general, changes described here are unique to the 11.2-STABLE branch unless specifically marked as MERGED features.

Typical release note items document recent security advisories issued after 11.1-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.

2.�Upgrading from Previous Releases of FreeBSD

[amd64,i386] Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.

Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING.

Important:

Upgrading FreeBSD should only be attempted after backing up all data and configuration files.

3.�Security and Errata

This section lists the various Security Advisories and Errata Notices since 11.1-RELEASE.

3.1.�Security Advisories

AdvisoryDateTopic
FreeBSD-SA-17:06.openssh10�August�2017

Denial of Service vulnerability

FreeBSD-SA-17:07.wpa16�October�2017

WPA2 protocol vulnerability

FreeBSD-SA-17:08.ptrace15�November�2017

Kernel data leak via ptrace(PT_LWPINFO)

FreeBSD-SA-17:10.kldstat15�November�2017

Information leak

FreeBSD-SA-17:11.openssl29�November�2017

Multiple vulnerabilities

FreeBSD-SA-17:12.openssl09�December�2017

Multiple vulnerabilities

FreeBSD-SA-18:01.ipsec07�March�2018

Fix IPSEC validation and use-after-free

FreeBSD-SA-18:02.ntp07�March�2018

Multiple vulnerabilities

FreeBSD-SA-18:03.speculative_execution14�March�2018

Speculative Execution Vulnerabilities

Note:

This advisory addresses the most significant issues for FreeBSD�11.x on amd64 CPUs. We expect to update this advisory to include i386 and other CPUs.

FreeBSD-SA-18:04.vt04�April�2018

Fix vt(4) console memory disclosure

FreeBSD-SA-18:05.ipsec04�April�2018

Fix denial of service

FreeBSD-SA-18:06.debugreg08�May�2018

Mishandling of x86 debug exceptions

FreeBSD-SA-18:07.lazyfpu21�June�2018

Fix Lazy FPU information disclosure

3.2.�Errata Notices

ErrataDateTopic
FreeBSD-EN-17:07.vnet10�August�2017

VNET kernel panic with asynchronous I/O

FreeBSD-EN-17:08.pf10�August�2017

pf(4) housekeeping thread causes kernel panic

FreeBSD-EN-17:09.tzdata2�November�2017

Timezone database information update

FreeBSD-EN-18:01.tzdata07�March�2018

Timezone database information update

FreeBSD-EN-18:02.file07�March�2018

Stack-based buffer overflow

FreeBSD-EN-18:03.tzdata04�April�2018

Update timezone database information

FreeBSD-EN-18:04.mem04�April�2018

Multiple small kernel memory disclosures

FreeBSD-EN-18:05.mem08�May�2018

Multiple small kernel memory disclosures

FreeBSD-EN-18:06.tzdata08�May�2018

Update timezone database information

4.�Userland

This section covers changes and additions to userland applications, contributed software, and system utilities.

4.1.�Userland Application Changes

The ln(1) utility has been updated to correct the behavior of the -F flag by unlinking an existing directory before creating a symbolic link. [r321092]

The crontab(1) utility has been updated to include a new flag, -f, which forces crontab(5) removal when -r is used non-interactively. [r321241]

The newsyslog(8) utility has been updated to support RFC5424-compliant messages when rotating system logs. [r321262]

The sesutil(8) utility has been updated to include libxo(3) support in output. [r321287] (Sponsored by Gandi.net)

The diskinfo(8) utility has been updated to include two new flags, -s which displays the disk identity (usually the serial number), and -p which displays the physical path to the disk in a storage controller. The -s and -p flags are mutually exclusive, and cannot be used with any other flags. [r321927]

The diskinfo(8) utility has also been updated to include device model when the -s flag is used. [r321929]

The top(1) utility has been updated to allow filtering on multiple user names when the -U flag is used. [r322509]

The bsdgrep(1) utility has been updated to include a rgrep hard link to grep(1), which when used is equivalent to grep�-r. [r322525]

The bsdgrep(1) utility has been updated to address various issues with pattern matching behavior. [r322555]

The umount(8) utility has been updated to include a new flag, -N, which is used to forcefully unmount an NFS mounted filesystem. [r322910]

The pw(8) utility has been updated to properly handle empty secondary group lists as an argument to the -G flag when using the usermod subcommand. [r322919]

The getconf(1) utility has been updated to include a new flag, -a, which prints the name and value of all system or path configuration values to stdout(4) or optionally a file as an argument to -a. [r324124] (Sponsored by Chelsio Communications)

The ps(1) utility has been updated to reflect realtime and idle priorities in state flags. [r324270]

The ps(1) utility has been updated to display if a process is running with capsicum(4) capability mode, indicated by C. [r324271]

The cpucontrol(8) utility has been updated to include a new flag, -n, that disables the default microcode update search path when used. [r324380]

The fsck_ffs(8) utility has been updated to prevent a filesystem from being reported as modified when only the timestamp in the superblock is updated. [r324674]

The diskinfo(8) utility has been updated to display disk rotation rate and if TRIM/UNMAP is supported by the disk. [r325003] (Sponsored by Spectra Logic)

The rsh(1) utility has been updated to include a new flag, -N, which disables shutdown of a socket sending path when used. [r325473]

The pfctl(8) utility has been updated to allow route-to to properly handle network interfaces with multiple IP addresses. [r326413]

The camcontrol(8) utility has been updated to include ZAC (Zoned-device ATA command set) information when the identify subcommand is used. [r326778] (Sponsored by Spectra Logic)

The pw(8) utility has been updated to correct handling of account expiration periods. [r326848]

The mdmfs(8) utility has been updated to support tmpfs(5). [r327592]

The lint(1) utility is not longer built by default. The WITH_LINT src.conf(5) option has been added to enable building and installing the utility. [r327837]

The cpucontrol(8) utility has been updated to include a new flag, -e, which is used to re-evaluate reported CPU features after applying firmware updates. [r327871]

Note:

The cpucontrol(8) -e flag should only be used after microcode update have been applied to all CPUs in the system, otherwise system instability may be experienced if processor features are not identical across the system.

The indent(1) utility has been updated to respect the SIMPLE_BACKUP_SUFFIX environment variable if set. [r328138]

The du(1) utility has been updated to include the --si long option, which is used to display output in "human-readable" output in powers of 1000. [r328139]

The df(1) utility has been updated to include the --si long option, which is an alias to -H. [r328140]

The service(8) utility has been updated to include a new flag, -j, which is used to interact with services running within a jail(8). The argument to -j can be either the name or numeric jail ID. [r328599]

The fsck_ffs(8) utility has been updated to exit with a non-zero status when the filesystem is not repaired. [r328604] (Sponsored by Dell EMC)

The nvmecontrol(8) utility has been updated to print the full 128 bit value for SMART data, instead of the hexadecimal value. [r328668]

The nvmecontrol(8) utility has been updated to include control options for Western Digital� HGST drives. The new options are cap-diag, get-crash-dump, drive-log, purge, and purge-monitor. [r328716]

The dhclient(8) utility has been updated to be more compliant with RFC2131 by setting the source address field in the IP header to 0 when sending a DHCPREQUEST message to attempt to obtain a previously-assigned IP address. [r330692] (Sponsored by Dell EMC)

The pw(8) utility has been updated to allow the @ and ! characters in the GECOS field. [r330694] (Sponsored by Dell EMC)

The zfsd(8) utility has been updated to work with any type of GEOM provider, including md(4), geli(8), glabel(8), and gstripe(8). [r330733] (Sponsored by Spectra Logic)

The ps(1) utility has been updated to include a jail keyword, which when used will list the name of a jail(8) instead of the numeric ID. [r331471]

The mlx5tool(8) utility has been added, which is used to manage Connect-X�4 and Connect-X�5 devices supported by mlx5io(4). [r331586] (Sponsored by Mellanox Technologies)

The sysctl(8) utility has been updated to support setting an array of values to nodes. Prior to this change, sysctl(8) could only set one value to a node that may return multiple values when queried. [r331603] (Sponsored by Chelsio Communications)

The ifconfig(8) utility has been updated to include a random option, which when used with the ether option, generates a random MAC address for an interface. [r331729]

The efibootmgr(8) utility has been added, which is used to manipulate the EFI boot manager. [r332126] (Sponsored by Netflix)

The etdump(1) utility has been added, which is used to view El Torito boot catalog information. [r332947]

The mount(8) utility has been updated to allow fallback to mount media read-only if an attempt to mount write-protected media read-write fails. This behavior is disabled by default, and can be requested with the new autoro option. [r322753]

The makefs(8) utility has been updated to default the block and fragment sizes to match that of newfs(8), 32K and 4K, respectively. [r332460] (Sponsored by The�FreeBSD�Foundation)

The pwd_mkdb(8) utility has been updated to emit a notice that legacy database support will be removed effective FreeBSD�12 when the -l flag is used. [r332929] (Sponsored by The�FreeBSD�Foundation)

The dhclient(8) utility has been updated to allow the interface-mtu option to be overridden with a supersede entry in dhclient.conf(5). [r334789]

4.2.�Contributed Software

The libarchive(3) library has been updated to version 3.3.2. [r321303]

Subversion has been updated to version 1.9.7. [r322442]

The dtc(1) utility has been updated to upstream commit 9ce35ff8. [r328495]

The file(1) utility has been updated to version 5.32. [r328874]

OpenSSH has been updated to version 7.5p1. [r323136]

The mandoc(1) utility has been updated to version 1.14.3. [r324581]

The tcpdump(1) utility has been updated to version 4.9.2. [r327234]

The NTP utilities have been updated to version 4.2.8p11. [r330106]

The less(1) utility has been updated to upstream version v530. [r330570]

The bmake utility has been updated to upstream version 20180222. [r331246]

The BSD-licensed diff(1) utility has been imported from OpenBSD, which is installed if WITHOUT_GNU_DIFF is set in src.conf(5), and otherwise not installed by default. [r331465]

OpenSSL has been updated to version 1.0.2o. [r331638]

The clang, llvm, lld, lldb, and compiler-rt utilities as well as libc++ have been updated to upstream version 6.0.0. [r331838]

Timezone data files have been updated to version 2018e. [r333312]

The libxo(3) library has been updated to version 0.9.0. [r334458]

4.3.�Installation and Configuration Tools

[arm64] The bsdinstall(8) installer has been updated to default to UEFI-only boot. [r322254] (Sponsored by The�FreeBSD�Foundation)

5.�Kernel

This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.

5.1.�General Kernel Changes

The linux(4) ABI compaibility layer has been updated to include support for musl consumers. [r321007]

The fdescfs(5) filesystem has been updated to support Linux�-specific fd(4) /dev/fd and /proc/self/fd behavior. [r322340]

Support for multiple realtime clocks has been added. [r323447]

5.2.�Kernel Bug Fixes

The ng_iface(4) driver has been updated to prevent a possible system crash. [r324175]

The ipfw(4) packet filter has been updated to identify layer-2 and layer-3 packets, fixing dummynet(4) AQM packet marking. [r325730]

An issue causing boot issues with Intel� Apollo Lake™ CPUs has been fixed. [r333166]

5.3.�Kernel Configuration

The watchdog(4) facility has been updated to make SW_WATCHDOG dynamic, enabling the software watchdogd(8) option whenever a hardware watchdog is not present. [r327920]

5.4.�System Tuning and Controls

The p1003_1b.aio_listio_max sysctl(8) has been changed to a runtime-configurable tunable. [r326322] (Sponsored by Spectra Logic)

6.�Devices and Drivers

This section covers changes and additions to devices and device drivers since 11.1-RELEASE.

6.1.�Device Drivers

The cxgbe(4) driver has been updated to firmware version 1.16.63.0 for T4, T5, and T6 network adapters. [r330307] (Sponsored by Chelsio Communications)

The ng_pppoe(4) driver has been updated to add support for user-supplied Host-Uniq tags. [r331058]

Support for the TAIO USB multi-protocol adapter (TUMPA) has been added. [r331500]

The mlx5io(4) driver has been added, providing an interface to manage supported Connect-X�4 and Connect-X�5 network adapters. [r331586] (Sponsored by Mellanox Technologies)

The cm(4) and fpa(4) drivers have been marked as deprecated, and will be removed in FreeBSD�12. [r331882] (Sponsored by DARPA, AFRL)

The ocs_fc(4) driver has been added, supporting Emulex�16/8G�FC�GEN�5 HBAs LPe15004 and LPe160XX, and Emulex�32/16G�FC�GEN�6 HBAs LPe3100X and LPe3200X. [r332040] (Sponsored by Broadcom Limited)

The ixgb(4) driver has been marked as deprecated, and will be removed in FreeBSD�12. [r333171]

The ixl(4) driver has been updated to version 1.9.9-k. [r333343] (Sponsored by Intel Corporation)

The nxge(4) driver has been marked as deprecated, and will be removed in FreeBSD�12. [r333367]

The lmc(4) driver has been marked as deprecated, and will be removed in FreeBSD�12. [r333412] (Sponsored by The�FreeBSD�Foundation)

The smartpqi(4) driver has been added, providing support for Microsemi� SCSI controllers. [r333417]

The vxge(4) driver has been marked as deprecated, and will be removed in FreeBSD�12. [r333738]

7.�Hardware Support

This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document.

7.1.�Virtualization Support

Support for virtio_console(4) has been added to bhyve(4). [r321413]

8.�Storage

This section covers changes and additions to file systems and other storage subsystems, both local and networked.

8.1.�geom(4)

The geom_aes, geom_bsd, geom_mbr, geom_sunlabel geom(4) classes have been marked as deprecated. They have been replaced by the geom_part class in FreeBSD�7, and removed from the GENERIC kernel configurations in FreeBSD�8, and will be removed in FreeBSD�12. [r332519]

9.�Boot Loader Changes

This section covers the boot loader, boot menu, and other boot-related changes.

9.1.�Boot Loader Changes

The boot code and loader(8) have been updated to check for unsupported ZFS feature flags. If unsupported features are active, the pool is not considered as a bootable pool, and a diagnostic message is printed to the console. [r321519]

The loader(8) has been updated to improve quotation parsing, distinguishing between single- and double-quotes, and check for terminating quotes. [r329010]

The length of GELI passphrases entered when booting a system with encrypted disks is now hidden by default. See the configuration options in geli(8) to restore the previous behavior. [r329114]

10.�Networking

This section describes changes that affect networking in FreeBSD.

10.1.�General Network Changes

The icmp6(4) protocol has been updated to fix ICMPv6 redirects. [r329581] (Sponsored by Dell EMC)

11.�Ports Collection and Package Infrastructure

This section covers changes to the FreeBSD�Ports Collection, package infrastructure, and package maintenance and installation tools.

11.1.�Packaging Changes

The pkg(8) utility has been updated to version 1.10.5.

12.�Release Engineering and Integration

This section convers changes that are specific to the FreeBSD�Release Engineering processes.

12.1.�Integration Changes

Amazon� EC2™ instances now keep their clocks synchronized using the Amazon Time Sync Service, the NTP service internal to the EC2™ infrastructure. [r326892]

The i386 memory stick image installers have been changed to use the MBR partitioning scheme, which addresses a boot issue from a GPT partition scheme in non-UEFI mode. [r333410] (Sponsored by The�FreeBSD�Foundation)

The amd64 memory stick image installers have been changed to use the MBR partitioning scheme, which addresses a boot issue from a GPT partition scheme in non-UEFI mode. [r334444] (Sponsored by The�FreeBSD�Foundation)

This file, and other release-related documents, can be downloaded from https://www.FreeBSD.org/releases/.

For questions about FreeBSD, read the documentation before contacting <[email protected]>.

All users of FreeBSD 11.2-STABLE should subscribe to the <[email protected]> mailing list.

For questions about this documentation, e-mail <[email protected]>.