Copyright � 2019 The FreeBSD Documentation Project
FreeBSD is a registered trademark of the FreeBSD Foundation.
IBM, AIX, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.
IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.
Intel, Celeron, Centrino, Core, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
SPARC, SPARC64, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. SPARC International, Inc owns all of the SPARC trademarks and under licensing agreements allows the proper use of these trademarks by its members.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the “™” or the “�” symbol.
The release notes for FreeBSD 11.3-RELEASE contain a summary of the changes made to the FreeBSD base system on the 11.3-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
This document contains the release notes for FreeBSD 11.3-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.
This distribution of FreeBSD
11.3-RELEASE is a release distribution. It can be
found at https://www.FreeBSD.org/releases/ or
any of its mirrors. More information on obtaining this (or
other) release distributions of FreeBSD can be found in the
“Obtaining
FreeBSD” appendix to the FreeBSD
Handbook.
All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with “late-breaking” information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 11.3-RELEASE can be found on the FreeBSD Web site.
This document describes the most user-visible new or changed features in FreeBSD since 11.2-RELEASE. In general, changes described here are unique to the 11.3-STABLE branch unless specifically marked as MERGED features.
Typical release note items document recent security advisories issued after 11.2-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.
[amd64,i386] Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.
Source-based upgrades (those based on recompiling the FreeBSD
base system from source code) from previous versions are
supported, according to the instructions in
/usr/src/UPDATING.
Upgrading FreeBSD should only be attempted after backing up all data and configuration files.
This section lists the various Security Advisories and Errata Notices since 11.2-RELEASE.
| Advisory | Date | Topic |
|---|---|---|
| FreeBSD-SA-18:08.tcp | 06�August�2018 | Resource exhaustion in TCP reassembly |
| FreeBSD-SA-18:09.l1tf | 14�August�2018 | L1 Terminal Fault (L1TF) Kernel Information Disclosure |
| FreeBSD-SA-18:10.ip | 14�August�2018 | Resource exhaustion in IP fragment reassembly |
| FreeBSD-SA-18:11.hostapd | 14�August�2018 | Unauthenticated EAPOL-Key Decryption Vulnerability |
| FreeBSD-SA-18:12.elf | 12�September�2018 | Improper ELF header parsing |
| FreeBSD-SA-18:13.nfs | 27�November�2018 | Multiple vulnerabilities |
| FreeBSD-SA-18:14.bhyve | 4�December�2018 | Insufficient bounds checking |
| FreeBSD-SA-18:15.bootpd | 19�December�2018 | Buffer overflow |
| FreeBSD-SA-19:01.syscall | 5�February�2019 | Kernel data register leak |
| FreeBSD-SA-19:02.fd | 5�February�2019 | File description reference count leak |
| FreeBSD-SA-19:03.wpa | 14�May�2019 | Multiple vulnerabilities |
| FreeBSD-SA-19:04.ntp | 14�May�2019 | Authenticated denial of service in ntpd(8) |
| FreeBSD-SA-19:05.pf | 14�May�2019 | IPv6 fragment reassembly panic in pf(4) |
| FreeBSD-SA-19:06.pf | 14�May�2019 | ICMP/ICMP6 packet filter bypass in pf(4) |
| FreeBSD-SA-19:07.mds | 14�May�2019 | Microarchitectural Data Sampling |
| FreeBSD-SA-19:09.iconv | 2�July�2019 | iconv(3) buffer overflow |
| FreeBSD-SA-19:11.cd_ioctl | 2�July�2019 | Privilege escalation in cd(4) |
| Errata | Date | Topic |
|---|---|---|
| FreeBSD-EN-18:08.lazyfpu | 12�September�2018 | Regression in Lazy FPU remediation |
| FreeBSD-EN-18:09.ip | 27�September�2018 | IP fragment remediation causes IPv6 reassembly failure |
| FreeBSD-EN-18:10.syscall | 27�September�2018 | Null pointer dereference in
|
| FreeBSD-EN-18:11.listen | 27�September�2018 | Denial of service in |
| FreeBSD-EN-18:12.mem | 27�September�2018 | Small kernel memory disclosures in two system calls |
| FreeBSD-EN-18:13.icmp | 27�November�2018 | ICMP buffer underwrite |
| FreeBSD-EN-18:14.tzdata | 27�November�2018 | Timezone database information update |
| FreeBSD-EN-18:15.loader | 27�November�2018 | Deferred kernel loading breaks loader password |
| FreeBSD-EN-18:16.ptrace | 19�December�2018 | Kernel panic when attaching to stopped process |
| FreeBSD-EN-18:17.vm | 19�December�2018 | Kernel panic under load on Intel� Skylake™ CPUs |
| FreeBSD-EN-18:18.zfs | 19�December�2018 | ZFS vnode reclaim deadlock |
| FreeBSD-EN-19:03.sqlite | 9�January�2019 | sqlite update |
| FreeBSD-EN-19:04.tzdata | 9�January�2019 | Timezone database information update |
| FreeBSD-EN-19:05.kqueue | 9�January�2019 | kqueue race condition and kernel panic |
| FreeBSD-EN-19:08.tzdata | 14�May�2019 | Timezone database information update |
| FreeBSD-EN-19:09.xinstall | 14�May�2019 | install(1) broken with partially matching relative paths |
This section covers changes and additions to userland applications, contributed software, and system utilities.
The jail(8) utility has been
updated to include a new jail.conf(5) parameter,
allow.read_msgbuf, which prevents jailed
processes and users from accessing the dmesg(8) buffer.
This parameter is set to false by
default. [r339446]
The system crontab(5),
/etc/crontab, has been updated to set
PATH for consistency with the cron(8)
daemon. [r342103]
The default devd.conf(5) has been updated to prevent duplicated hostapd(8) and wpa_supplicant(8) startup via devd(8). [r343469]
A new variable,
init_exec, has been added to kenv(1),
allowing init(8) to run an executable file after opening
the console, replacing init(8) as PID
1. [r346479]
The cpuset(1), sockstat(1), ipfw(8), and ugidfw(8) utilities have been updated to support jail(8) names. [r336040]
The newfs_msdos(8) utililty has
been updated to include a new flag, -T,
which is used to specify the timestamp for build
reproducibility. [r336328]
The dd(1) utility has been updated
to add a new statusoperand,
progress, which reports the current status
on a single line every second. [r338364]
The last(1) utility has been updated to include libxo(3) support. [r338451]
The lastlogin(8) utility has been updated to include libxo(3) support. [r338452]
The traceroute(8) utility has been updated to include libcasper(3) support. [r338475]
The diff(1) utility has been
updated to implement -B and
--ignore-blank-lines support. [r339160]
The makewhatis(1) utility has been updated to prevent operating within read-only directories. [r340963]
The jail(8) utility has been
updated to add a new flag, -e, which takes
a jail.conf(5) parameter as an argument and prints a list
of non-wildcard jails with the specified parameter. [r341790]
The ktrdump(8) utility has been
updated to include the -l flag which
enables "live" mode when specified. [r342706]
The trim(8) utility has been added, which deletes content for blocks on flash-based storage devices that use wear-leveling algorithms. [r343118]
The gzip(1) utility has been
updated to add -l support for xz(1)
files. [r343251]
The newfs(8) and tunefs(8) utilities have been updated to allow underscores in label names. [r343538] (Sponsored by Netflix)
The pfctl(8) utility has been
updated to provide clearer output and reference the
net.pf.request_maxcount sysctl(8)
if a defined table is too large. [r344020]
The newfs(8) and tunefs(8) utilities have been updated to allow dashes in label names. [r344052]
The fdisk(8) utility has been updated to support sectors larger than 2048 bytes. [r344490]
The sh(1) utility has been updated
to add the pipefail option which simplifies
checking the exit status of all commands in a pipeline. [r345561]
The patch(1) utility has been updated to exit successfully if the input patch file is zero-length. [r345878]
The spi(8) utility has been added, which is used to communicate with devices on an SPI bus through the userland. [r346518]
The xz(1) utility has been updated to version 5.2.4. [r334607]
The file(1) utility has been updated to version 5.34. [r337827]
The ELF Tool Chain has been updated to version r3614. [r338414] (Sponsored by The�FreeBSD�Foundation)
The
lld utility has been updated to add
-z interpose, marking the object file as
an interposer. [r339100]
(Sponsored by
The�FreeBSD�Foundation)
The file(1) utility has been updated to fix incorrect date reporting for dump(8) files. [r343079]
The LUA loader(8) has been merged. [r344220]
The ntpd(8) utilities have been updated to version 4.2.8p13. [r344884]
The clang, llvm, lld, lldb, and compiler-rt utilities as well as libc++ have been updated to upstream version 8.0.0. [r346296]
The WPA utilities have been updated to version 2.8. [r346981]
OpenSSL has been updated to version 1.0.2s. [r348343]
The libarchive(3) library has been updated to version 3.3.3, with additional fixes from upstream. [r348607]
OpenPAM has been updated to the latest upstream version. [r348980]
Support for auxiliary
RAM has been added to
/etc/rc.initdiskless. [r340611]
The rcorder(8) utility has been
updated to add support for
/etc/rc.resume. [r340966]
The jail_conf
definition, which defaults to
/etc/jail.conf, has been moved from
the jail(8) rc(8) script to
/etc/defaults/rc.conf. [r341792]
The rc_service
variable has been added to rc.subr(8), which defaults to
the path of the service being executed in case the service
needs to re-invoke itself. [r343046]
Timezone data files have been updated to version 2019b. [r349620]
The periodic(8) weekly
340.noid script has been updated to
prevent decending into the root directory of jails. [r341794]
The pcap(3) library has been updated to version 1.9.0 (pre-release). [r335640]
The setproctitle_fast(3) function has been added, which is optimized for high-frequency process title updates. [r336449]
The kqueue(2) system call has been
updated to allow updating
EVFILT_TIMER. [r337418]
(Sponsored by
Dell EMC)
The pthread_get_name_np(3) function has been added, which is used to retrieve the function name associated with a thread. [r338405]
The pthread(3) library has been updated to improve POSIX compliance. [r338707]
This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.
The ddb(4) debugging utility has been updated to print command-line arguments to a process. [r339857] (Sponsored by Panzura)
The number of MSI
IRQs have been converted from a constant to
a tunable. The default remains at 512,
which can now be changed during boot with the
machdep.num_msi_irqs sysctl(8). [r342656]
The kernel will now log the jail(8)
ID when logging a process exit. The
jail(8) ID 0
represents processes that are not jailed. [r343084]
(Sponsored by
Modirum MDPay)
Warnings for features deprecated in future releases will now be printed on all FreeBSD versions. [r348753]
This section covers changes and additions to devices and device drivers since 11.2-RELEASE.
The ichwd(4) driver has been updated to include support for TCO watchdog timers in the Lewisburg PCH (C620) chipset. [r340182] (Sponsored by Panzura)
The random(4) driver has been updated to improve performance during expensive reseeding. [r345981]
The ae(4),
bm(4), cs(4),
de(4), dme(4),
ed(4), ep(4),
ex(4), fe(4),
pcn(4), sf(4),
sn(4), tl(4),
tx(4), txp(4),
vx(4), wb(4), and
xe(4) drivers have been marked as
deprecated, and are not present in FreeBSD�13.0. [r347962]
The oce(4) driver has been updated to version 11.0.50.0. [r338938]
The TP-Link� TL-WN321G™ network adapter now uses the run(4) driver instead of the rum(4) driver. [r340369]
The mlx4en(4) and mlx5en(4) drivers have been updated to version 3.5.0. [r341987] (Sponsored by Mellanox Technologies)
The lagg(4) driver has been updated to allow changing the MTU without requiring destroying and recreating the interface. [r342206] (Sponsored by iXsystems)
The ccr(4) driver has been added, providing support for Chelsio� T6™ cryptography accelerators. [r345040] (Sponsored by Chelsio Communications)
The cxgbe(4) driver has been updated to include support for hash filters, NAT offloading, and SMAC/DMAC swapping filters. [r346855] (Sponsored by Chelsio Communications)
The cxgbe(4) T4, T5, and T6 firmware has been updated to version 1.23.0.0. [r346940] (Sponsored by Chelsio Communications)
The ixl(4) driver has been updated version 1.11.9. [r349181] (Sponsored by Intel Corporation)
The ixlv(4) driver has been updated version 1.5.8. [r349181] (Sponsored by Intel Corporation)
This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document.
This section covers changes and additions to file systems and other storage subsystems, both local and networked.
This section covers the boot loader, boot menu, and other boot-related changes.
The functionality provided by
zfsloader has been added to
loader(8). Once the system boot blocks have been updated
following UPDATING,
zfsloader is no longer needed. A hard
link to loader(8) has been added to ease in the
transition. [r344399]
The loader(8) has been updated to extend geli(8) support to all architectures. [r344399]
The UEFI boot loader(8) has been updated to better determine the system console type and device if not defined in loader.conf(5). [r344403]
This section describes changes that affect networking in FreeBSD.
This section covers changes to the FreeBSD�Ports Collection, package infrastructure, and package maintenance and installation tools.
The pkg(8) utility has been updated to version 1.10.5.
The KDE desktop environment has been updated to version 5.15.3.
The GNOME desktop environment has been updated to version 3.28.
This section convers changes that are specific to the FreeBSD�Release Engineering processes.
The
default size of virtual machine disk images has been reduced
from 30GB to 3GB. The raw disk images may
be resized with truncate(1), after which the
growfs rc(8) script will resize the
filesystem within the virtual machine. Other disk image
formats should be resized with the appropriate tool provided
by the hypervisor being used. [r347037]
(Sponsored by
The�FreeBSD�Foundation)
This file, and other release-related documents, can be downloaded from https://www.FreeBSD.org/releases/.
For questions about FreeBSD, read the documentation before contacting <[email protected]>.
All users of FreeBSD 11.3-STABLE should subscribe to the <[email protected]> mailing list.
For questions about this documentation, e-mail <[email protected]>.