Copyright � 2018 The FreeBSD Documentation Project
FreeBSD is a registered trademark of the FreeBSD Foundation.
IBM, AIX, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.
IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.
Intel, Celeron, Centrino, Core, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
SPARC, SPARC64, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. SPARC International, Inc owns all of the SPARC trademarks and under licensing agreements allows the proper use of these trademarks by its members.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the “™” or the “�” symbol.
The release notes for FreeBSD 11.2-RELEASE contain a summary of the changes made to the FreeBSD base system on the 11.2-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
This document contains the release notes for FreeBSD 11.2-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.
This distribution of FreeBSD
11.2-RELEASE is a release distribution. It can be
found at https://www.FreeBSD.org/releases/ or
any of its mirrors. More information on obtaining this (or
other) release distributions of FreeBSD can be found in the
“Obtaining
FreeBSD” appendix to the FreeBSD
Handbook.
All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with “late-breaking” information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 11.2-RELEASE can be found on the FreeBSD Web site.
This document describes the most user-visible new or changed features in FreeBSD since 11.1-RELEASE. In general, changes described here are unique to the 11.2-STABLE branch unless specifically marked as MERGED features.
Typical release note items document recent security advisories issued after 11.1-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.
[amd64,i386] Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.
Source-based upgrades (those based on recompiling the FreeBSD
base system from source code) from previous versions are
supported, according to the instructions in
/usr/src/UPDATING.
Upgrading FreeBSD should only be attempted after backing up all data and configuration files.
This section lists the various Security Advisories and Errata Notices since 11.1-RELEASE.
| Advisory | Date | Topic |
|---|---|---|
| FreeBSD-SA-17:06.openssh | 10�August�2017 | Denial of Service vulnerability |
| FreeBSD-SA-17:07.wpa | 16�October�2017 | WPA2 protocol vulnerability |
| FreeBSD-SA-17:08.ptrace | 15�November�2017 | Kernel data leak via
|
| FreeBSD-SA-17:10.kldstat | 15�November�2017 | Information leak |
| FreeBSD-SA-17:11.openssl | 29�November�2017 | Multiple vulnerabilities |
| FreeBSD-SA-17:12.openssl | 09�December�2017 | Multiple vulnerabilities |
| FreeBSD-SA-18:01.ipsec | 07�March�2018 | Fix IPSEC validation and use-after-free |
| FreeBSD-SA-18:02.ntp | 07�March�2018 | Multiple vulnerabilities |
| FreeBSD-SA-18:03.speculative_execution | 14�March�2018 |
Speculative Execution Vulnerabilities Note:This advisory addresses the most significant issues for FreeBSD�11.x on amd64 CPUs. We expect to update this advisory to include i386 and other CPUs. |
| FreeBSD-SA-18:04.vt | 04�April�2018 | Fix vt(4) console memory disclosure |
| FreeBSD-SA-18:05.ipsec | 04�April�2018 | Fix denial of service |
| FreeBSD-SA-18:06.debugreg | 08�May�2018 | Mishandling of x86 debug exceptions |
| FreeBSD-SA-18:07.lazyfpu | 21�June�2018 | Fix Lazy FPU information disclosure |
| Errata | Date | Topic |
|---|---|---|
| FreeBSD-EN-17:07.vnet | 10�August�2017 | VNET kernel panic with asynchronous I/O |
| FreeBSD-EN-17:08.pf | 10�August�2017 | pf(4) housekeeping thread causes kernel panic |
| FreeBSD-EN-17:09.tzdata | 2�November�2017 | Timezone database information update |
| FreeBSD-EN-18:01.tzdata | 07�March�2018 | Timezone database information update |
| FreeBSD-EN-18:02.file | 07�March�2018 | Stack-based buffer overflow |
| FreeBSD-EN-18:03.tzdata | 04�April�2018 | Update timezone database information |
| FreeBSD-EN-18:04.mem | 04�April�2018 | Multiple small kernel memory disclosures |
| FreeBSD-EN-18:05.mem | 08�May�2018 | Multiple small kernel memory disclosures |
| FreeBSD-EN-18:06.tzdata | 08�May�2018 | Update timezone database information |
This section covers changes and additions to userland applications, contributed software, and system utilities.
The ln(1) utility has been updated
to correct the behavior of the -F flag by
unlinking an existing directory before creating a symbolic
link. [r321092]
The crontab(1) utility has been
updated to include a new flag, -f, which
forces crontab(5) removal when -r is
used non-interactively. [r321241]
The newsyslog(8) utility has been updated to support RFC5424-compliant messages when rotating system logs. [r321262]
The sesutil(8) utility has been updated to include libxo(3) support in output. [r321287] (Sponsored by Gandi.net)
The diskinfo(8) utility has been
updated to include two new flags, -s which
displays the disk identity (usually the serial number), and
-p which displays the physical path to the
disk in a storage controller. The -s and
-p flags are mutually exclusive, and cannot
be used with any other flags. [r321927]
The diskinfo(8) utility has also
been updated to include device model when the
-s flag is used. [r321929]
The top(1) utility has been updated
to allow filtering on multiple user names when the
-U flag is used. [r322509]
The bsdgrep(1) utility has been
updated to include a rgrep hard link to
grep(1), which when used is equivalent to
grep�-r. [r322525]
The bsdgrep(1) utility has been updated to address various issues with pattern matching behavior. [r322555]
The umount(8) utility has been
updated to include a new flag, -N, which
is used to forcefully unmount an NFS
mounted filesystem. [r322910]
The pw(8) utility has been updated
to properly handle empty secondary group lists as an argument
to the -G flag when using the
usermod subcommand. [r322919]
The getconf(1) utility has been
updated to include a new flag, -a, which
prints the name and value of all system or path configuration
values to stdout(4) or optionally a file as an argument
to -a. [r324124]
(Sponsored by
Chelsio Communications)
The ps(1) utility has been updated to reflect realtime and idle priorities in state flags. [r324270]
The ps(1) utility has been updated
to display if a process is running with capsicum(4)
capability mode, indicated by C. [r324271]
The cpucontrol(8) utility has been
updated to include a new flag, -n, that
disables the default microcode update search path when
used. [r324380]
The fsck_ffs(8) utility has been updated to prevent a filesystem from being reported as modified when only the timestamp in the superblock is updated. [r324674]
The diskinfo(8) utility has been updated to display disk rotation rate and if TRIM/UNMAP is supported by the disk. [r325003] (Sponsored by Spectra Logic)
The rsh(1) utility has been updated
to include a new flag, -N, which disables
shutdown of a socket sending path when used. [r325473]
The pfctl(8) utility has been
updated to allow route-to to properly
handle network interfaces with multiple IP
addresses. [r326413]
The camcontrol(8) utility has
been updated to include ZAC (Zoned-device
ATA command set) information when the
identify subcommand is used. [r326778]
(Sponsored by
Spectra Logic)
The pw(8) utility has been updated to correct handling of account expiration periods. [r326848]
The mdmfs(8) utility has been updated to support tmpfs(5). [r327592]
The lint(1) utility is not longer
built by default. The WITH_LINT
src.conf(5) option has been added to enable building and
installing the utility. [r327837]
The cpucontrol(8) utility has been
updated to include a new flag, -e, which is
used to re-evaluate reported CPU features
after applying firmware updates. [r327871]
The cpucontrol(8) -e flag should
only be used after microcode update have been applied to all
CPUs in the system, otherwise system
instability may be experienced if processor features are not
identical across the system.
The indent(1) utility has been
updated to respect the SIMPLE_BACKUP_SUFFIX
environment variable if set. [r328138]
The du(1) utility has been updated
to include the --si long option, which is
used to display output in "human-readable" output in
powers of 1000. [r328139]
The df(1) utility has been updated
to include the --si long option, which is
an alias to -H. [r328140]
The service(8) utility has been
updated to include a new flag, -j, which is
used to interact with services running within a jail(8).
The argument to -j can be either the name
or numeric jail ID. [r328599]
The fsck_ffs(8) utility has been updated to exit with a non-zero status when the filesystem is not repaired. [r328604] (Sponsored by Dell EMC)
The nvmecontrol(8) utility has been updated to print the full 128 bit value for SMART data, instead of the hexadecimal value. [r328668]
The nvmecontrol(8) utility has been
updated to include control options for Western Digital�
HGST drives. The new options are cap-diag,
get-crash-dump,
drive-log, purge, and
purge-monitor. [r328716]
The dhclient(8) utility has been
updated to be more compliant with RFC2131
by setting the source address field in the
IP header to 0 when
sending a DHCPREQUEST message to attempt to
obtain a previously-assigned IP
address. [r330692]
(Sponsored by
Dell EMC)
The pw(8) utility has been updated to
allow the @ and !
characters in the GECOS field. [r330694]
(Sponsored by
Dell EMC)
The zfsd(8) utility has been updated to work with any type of GEOM provider, including md(4), geli(8), glabel(8), and gstripe(8). [r330733] (Sponsored by Spectra Logic)
The ps(1) utility has been updated
to include a jail keyword, which when used
will list the name of a jail(8) instead of the numeric
ID. [r331471]
The mlx5tool(8) utility has been added, which is used to manage Connect-X�4 and Connect-X�5 devices supported by mlx5io(4). [r331586] (Sponsored by Mellanox Technologies)
The sysctl(8) utility has been updated to support setting an array of values to nodes. Prior to this change, sysctl(8) could only set one value to a node that may return multiple values when queried. [r331603] (Sponsored by Chelsio Communications)
The ifconfig(8) utility has been
updated to include a random option, which
when used with the ether option, generates
a random MAC address for an
interface. [r331729]
The efibootmgr(8) utility has been added, which is used to manipulate the EFI boot manager. [r332126] (Sponsored by Netflix)
The etdump(1) utility has been added, which is used to view El Torito boot catalog information. [r332947]
The mount(8) utility has been
updated to allow fallback to mount media read-only if an
attempt to mount write-protected media read-write fails. This
behavior is disabled by default, and can be requested with the
new autoro option. [r322753]
The makefs(8) utility has been updated to default the block and fragment sizes to match that of newfs(8), 32K and 4K, respectively. [r332460] (Sponsored by The�FreeBSD�Foundation)
The
pwd_mkdb(8) utility has been updated to emit a notice
that legacy database support will be removed effective
FreeBSD�12 when the -l flag is
used. [r332929]
(Sponsored by
The�FreeBSD�Foundation)
The dhclient(8) utility has been
updated to allow the interface-mtu option
to be overridden with a supersede entry in
dhclient.conf(5). [r334789]
The libarchive(3) library has been updated to version 3.3.2. [r321303]
Subversion has been updated to version 1.9.7. [r322442]
The dtc(1) utility has been updated to upstream commit 9ce35ff8. [r328495]
The file(1) utility has been updated to version 5.32. [r328874]
OpenSSH has been updated to version 7.5p1. [r323136]
The mandoc(1) utility has been updated to version 1.14.3. [r324581]
The tcpdump(1) utility has been updated to version 4.9.2. [r327234]
The NTP utilities have been updated to version 4.2.8p11. [r330106]
The less(1) utility has been updated to upstream version v530. [r330570]
The bmake utility has been updated to upstream version 20180222. [r331246]
The BSD-licensed
diff(1) utility has been imported from OpenBSD, which is
installed if WITHOUT_GNU_DIFF is set in
src.conf(5), and otherwise not installed by
default. [r331465]
OpenSSL has been updated to version 1.0.2o. [r331638]
The clang,
llvm,
lld,
lldb, and
compiler-rt utilities as well as
libc++ have been updated to upstream
version 6.0.0. [r331838]
Timezone data files have been updated to version 2018e. [r333312]
The libxo(3) library has been updated to version 0.9.0. [r334458]
[arm64] The bsdinstall(8) installer has been updated to default to UEFI-only boot. [r322254] (Sponsored by The�FreeBSD�Foundation)
This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.
The linux(4) ABI
compaibility layer has been updated to include support for
musl consumers. [r321007]
The fdescfs(5) filesystem has been
updated to support Linux�-specific fd(4)
/dev/fd and
/proc/self/fd behavior. [r322340]
Support for multiple realtime clocks has been added. [r323447]
The ng_iface(4) driver has been updated to prevent a possible system crash. [r324175]
The ipfw(4) packet filter has been updated to identify layer-2 and layer-3 packets, fixing dummynet(4) AQM packet marking. [r325730]
An issue causing boot issues with Intel� Apollo Lake™ CPUs has been fixed. [r333166]
The watchdog(4) facility has been
updated to make SW_WATCHDOG dynamic,
enabling the software watchdogd(8) option whenever
a hardware watchdog is not present. [r327920]
This section covers changes and additions to devices and device drivers since 11.1-RELEASE.
The cxgbe(4) driver has been updated to firmware version 1.16.63.0 for T4, T5, and T6 network adapters. [r330307] (Sponsored by Chelsio Communications)
The ng_pppoe(4) driver has been
updated to add support for user-supplied
Host-Uniq tags. [r331058]
Support for the TAIO USB multi-protocol adapter (TUMPA) has been added. [r331500]
The mlx5io(4) driver has been added, providing an interface to manage supported Connect-X�4 and Connect-X�5 network adapters. [r331586] (Sponsored by Mellanox Technologies)
The cm(4) and fpa(4) drivers have been marked as deprecated, and will be removed in FreeBSD�12. [r331882] (Sponsored by DARPA, AFRL)
The ocs_fc(4) driver has been added, supporting Emulex�16/8G�FC�GEN�5 HBAs LPe15004 and LPe160XX, and Emulex�32/16G�FC�GEN�6 HBAs LPe3100X and LPe3200X. [r332040] (Sponsored by Broadcom Limited)
The ixgb(4) driver has been marked as deprecated, and will be removed in FreeBSD�12. [r333171]
The ixl(4) driver has been updated to version 1.9.9-k. [r333343] (Sponsored by Intel Corporation)
The nxge(4) driver has been marked as deprecated, and will be removed in FreeBSD�12. [r333367]
The lmc(4) driver has been marked as deprecated, and will be removed in FreeBSD�12. [r333412] (Sponsored by The�FreeBSD�Foundation)
The smartpqi(4) driver has been added, providing support for Microsemi� SCSI controllers. [r333417]
The vxge(4) driver has been marked as deprecated, and will be removed in FreeBSD�12. [r333738]
This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document.
Support for virtio_console(4) has been added to bhyve(4). [r321413]
This section covers changes and additions to file systems and other storage subsystems, both local and networked.
This section covers the boot loader, boot menu, and other boot-related changes.
The boot code and loader(8) have been updated to check for unsupported ZFS feature flags. If unsupported features are active, the pool is not considered as a bootable pool, and a diagnostic message is printed to the console. [r321519]
The loader(8) has been updated to improve quotation parsing, distinguishing between single- and double-quotes, and check for terminating quotes. [r329010]
The length of GELI passphrases entered when booting a system with encrypted disks is now hidden by default. See the configuration options in geli(8) to restore the previous behavior. [r329114]
This section describes changes that affect networking in FreeBSD.
This section covers changes to the FreeBSD�Ports Collection, package infrastructure, and package maintenance and installation tools.
The pkg(8) utility has been updated to version 1.10.5.
This section convers changes that are specific to the FreeBSD�Release Engineering processes.
Amazon� EC2™ instances now keep their clocks synchronized using the Amazon Time Sync Service, the NTP service internal to the EC2™ infrastructure. [r326892]
The i386 memory stick image installers have been changed to use the MBR partitioning scheme, which addresses a boot issue from a GPT partition scheme in non-UEFI mode. [r333410] (Sponsored by The�FreeBSD�Foundation)
The amd64 memory stick image installers have been changed to use the MBR partitioning scheme, which addresses a boot issue from a GPT partition scheme in non-UEFI mode. [r334444] (Sponsored by The�FreeBSD�Foundation)
This file, and other release-related documents, can be downloaded from https://www.FreeBSD.org/releases/.
For questions about FreeBSD, read the documentation before contacting <[email protected]>.
All users of FreeBSD 11.2-STABLE should subscribe to the <[email protected]> mailing list.
For questions about this documentation, e-mail <[email protected]>.