FreeBSD 11.3-RELEASE Release Notes
Abstract
The release notes for FreeBSD 11.3-RELEASE contain a summary of the changes made to the FreeBSD base system on the 11.3-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
Table of Contents
Introduction
This document contains the release notes for FreeBSD 11.3-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.
This distribution of FreeBSD 11.3-RELEASE is a release
distribution. It can be found at https://www.FreeBSD.org/releases/
or any of its
mirrors. More information on obtaining this (or other) release
distributions of FreeBSD can be found in the Obtaining
FreeBSD' appendix to the FreeBSD
Handbook.
All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 11.3-RELEASE can be found on the FreeBSD Web site.
This document describes the most user-visible new or changed features in FreeBSD since 11.2-RELEASE. In general, changes described here are unique to the 11.3-STABLE branch unless specifically marked as MERGED features.
Typical release note items document recent security advisories issued after 11.2-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.
Upgrading from Previous Releases of FreeBSD
[amd64,i386] Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.
Source-based upgrades (those based on recompiling the FreeBSD
base system from source code) from previous versions are supported,
according to the instructions in
/usr/src/UPDATING
.
Important: Upgrading FreeBSD should only be attempted after backing up all data and configuration files.
Security and Errata
This section lists the various Security Advisories and Errata Notices since 11.2-RELEASE.
Security Advisories
Advisory | Date | Topic |
---|---|---|
06 August 2018 |
Resource exhaustion in TCP reassembly |
|
14 August 2018 |
L1 Terminal Fault (L1TF) Kernel Information Disclosure |
|
14 August 2018 |
Resource exhaustion in IP fragment reassembly |
|
14 August 2018 |
Unauthenticated EAPOL-Key Decryption Vulnerability |
|
12 September 2018 |
Improper ELF header parsing |
|
27 November 2018 |
Multiple vulnerabilities |
|
4 December 2018 |
Insufficient bounds checking |
|
19 December 2018 |
Buffer overflow |
|
5 February 2019 |
Kernel data register leak |
|
5 February 2019 |
File description reference count leak |
|
14 May 2019 |
Multiple vulnerabilities |
|
14 May 2019 |
Authenticated denial of service in ntpd(8) |
|
14 May 2019 |
IPv6 fragment reassembly panic in pf(4) |
|
14 May 2019 |
ICMP/ICMP6 packet filter bypass in pf(4) |
|
14 May 2019 |
Microarchitectural Data Sampling |
|
2 July 2019 |
iconv(3) buffer overflow |
|
2 July 2019 |
Privilege escalation in cd(4) |
Errata Notices
Errata | Date | Topic |
---|---|---|
12 September 2018 |
Regression in Lazy FPU remediation |
|
27 September 2018 |
IP fragment remediation causes IPv6 reassembly failure |
|
27 September 2018 |
Null pointer dereference in
|
|
27 September 2018 |
Denial of service in |
|
27 September 2018 |
Small kernel memory disclosures in two system calls |
|
27 November 2018 |
ICMP buffer underwrite |
|
27 November 2018 |
Timezone database information update |
|
27 November 2018 |
Deferred kernel loading breaks loader password |
|
19 December 2018 |
Kernel panic when attaching to stopped process |
|
19 December 2018 |
Kernel panic under load on Intel Skylake™ CPUs |
|
19 December 2018 |
ZFS vnode reclaim deadlock |
|
9 January 2019 |
sqlite update |
|
9 January 2019 |
Timezone database information update |
|
9 January 2019 |
kqueue race condition and kernel panic |
|
14 May 2019 |
Timezone database information update |
|
14 May 2019 |
install(1) broken with partially matching relative paths |
Userland
This section covers changes and additions to userland applications, contributed software, and system utilities.
Userland Configuration Changes
The
jail(8) utility has been updated to include a new
jail.conf(5) parameter, allow.read_msgbuf
, which
prevents jailed processes and users from accessing the
dmesg(8) buffer. This parameter is set to false
by
default.
(r339446)
The system
crontab(5), /etc/crontab
, has been updated to set
PATH
for consistency with the
cron(8) daemon.
(r342103)
The default devd.conf(5) has been updated to prevent duplicated hostapd(8) and wpa_supplicant(8) startup via devd(8). (r343469)
Userland Application Changes
The cpuset(1), sockstat(1), ipfw(8), and ugidfw(8) utilities have been updated to support jail(8) names. (r336040)
The
newfs_msdos(8) utililty has been updated to include a new flag,
-T
, which is used to specify the timestamp for build
reproducibility.
(r336328)
The
dd(1) utility has been updated to add a new
status`operand, `progress
, which reports the current
status on a single line every second.
(r338364)
The lastlogin(8) utility has been updated to include libxo(3) support. (r338452)
The traceroute(8) utility has been updated to include libcasper(3) support. (r338475)
The makewhatis(1) utility has been updated to prevent operating within read-only directories. (r340963)
The
jail(8) utility has been updated to add a new flag,
-e
, which takes a
jail.conf(5) parameter as an argument and prints a list of
non-wildcard jails with the specified parameter.
(r341790)
The
ktrdump(8) utility has been updated to include the
-l
flag which enables "live" mode when specified.
(r342706)
The trim(8) utility has been added, which deletes content for blocks on flash-based storage devices that use wear-leveling algorithms. (r343118)
The newfs(8) and tunefs(8) utilities have been updated to allow underscores in label names. (r343538) (Sponsored by Netflix)
The
pfctl(8) utility has been updated to provide clearer output and
reference the net.pf.request_maxcount
sysctl(8) if a defined table is too large.
(r344020)
The
sh(1) utility has been updated to add the pipefail
option which simplifies checking the exit status of all commands in
a pipeline.
(r345561)
Contributed Software
The ELF Tool Chain has been updated to version r3614. (r338414) (Sponsored by The FreeBSD Foundation)
The lld utility has been updated to add -z
interpose
, marking the object file as an interposer.
(r339100) (Sponsored by The FreeBSD
Foundation)
The clang, llvm, lld, lldb, and compiler-rt utilities as well as libc++ have been updated to upstream version 8.0.0. (r346296)
The WPA utilities have been updated to version 2.8. (r346981)
OpenSSL has been updated to version 1.0.2s. (r348343)
The libarchive(3) library has been updated to version 3.3.3, with additional fixes from upstream. (r348607)
OpenPAM has been updated to the latest upstream version. (r348980)
/etc/rc.d
Scripts
Support for auxiliary RAM has been added to
/etc/rc.initdiskless
.
(r340611)
The
rcorder(8) utility has been updated to add support for
/etc/rc.resume
.
(r340966)
The jail_conf
definition, which defaults to
/etc/jail.conf
, has been moved from the
jail(8)
rc(8) script to /etc/defaults/rc.conf
.
(r341792)
The rc_service
variable has been added to
rc.subr(8), which defaults to the path of the service being
executed in case the service needs to re-invoke itself.
(r343046)
Timezone data files have been updated to version 2019b. (r349620)
/etc/periodic
Scripts
The
periodic(8) weekly 340.noid
script has been
updated to prevent decending into the root directory of jails.
(r341794)
Runtime Libraries and API
The setproctitle_fast(3) function has been added, which is optimized for high-frequency process title updates. (r336449)
The
kqueue(2) system call has been updated to allow updating
EVFILT_TIMER
.
(r337418) (Sponsored by Dell
EMC)
The pthread_get_name_np(3) function has been added, which is used to retrieve the function name associated with a thread. (r338405)
The pthread(3) library has been updated to improve POSIX compliance. (r338707)
Kernel
This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.
General Kernel Changes
The ddb(4) debugging utility has been updated to print command-line arguments to a process. (r339857) (Sponsored by Panzura)
The number of MSI IRQs have been converted from a constant to a
tunable. The default remains at 512
, which can now be
changed during boot with the machdep.num_msi_irqs
sysctl(8).
(r342656)
The kernel will now log the
jail(8) ID when logging a process exit. The
jail(8) ID 0
represents processes that are not
jailed.
(r343084) (Sponsored by Modirum
MDPay)
Warnings for features deprecated in future releases will now be printed on all FreeBSD versions. (r348753)
Devices and Drivers
This section covers changes and additions to devices and device drivers since 11.2-RELEASE.
Device Drivers
The ichwd(4) driver has been updated to include support for TCO watchdog timers in the Lewisburg PCH (C620) chipset. (r340182) (Sponsored by Panzura)
The ae(4)
, bm(4)
, cs(4)
,
de(4)
, dme(4)
, ed(4)
,
ep(4)
, ex(4)
, fe(4)
,
pcn(4)
, sf(4)
, sn(4)
,
tl(4)
, tx(4)
, txp(4)
,
vx(4)
, wb(4)
, and xe(4)
drivers have been marked as deprecated, and are not present in
FreeBSD 13.0.
(r347962)
Network Drivers
The TP-Link TL-WN321G™ network adapter now uses the run(4) driver instead of the rum(4) driver. (r340369)
The mlx4en(4) and mlx5en(4) drivers have been updated to version 3.5.0. (r341987) (Sponsored by Mellanox Technologies)
The lagg(4) driver has been updated to allow changing the MTU without requiring destroying and recreating the interface. (r342206) (Sponsored by iXsystems)
The ccr(4) driver has been added, providing support for Chelsio T6™ cryptography accelerators. (r345040) (Sponsored by Chelsio Communications)
The cxgbe(4) driver has been updated to include support for hash filters, NAT offloading, and SMAC/DMAC swapping filters. (r346855) (Sponsored by Chelsio Communications)
Hardware Support
This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document.
Hardware Support
Virtualization Support
Storage
This section covers changes and additions to file systems and other storage subsystems, both local and networked.
General Storage
ZFS
Boot Loader Changes
This section covers the boot loader, boot menu, and other boot-related changes.
Boot Loader Changes
The functionality provided by zfsloader
has been
added to
loader(8). Once the system boot blocks have been updated
following UPDATING
, zfsloader
is no
longer needed. A hard link to
loader(8) has been added to ease in the transition.
(r344399)
The UEFI boot loader(8) has been updated to better determine the system console type and device if not defined in loader.conf(5). (r344403)
Networking
This section describes changes that affect networking in FreeBSD.
General Network Changes
Ports Collection and Package Infrastructure
This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools.
Packaging Changes
The pkg(8) utility has been updated to version 1.10.5.
The KDE desktop environment has been updated to version 5.15.3.
The GNOME desktop environment has been updated to version 3.28.
Release Engineering and Integration
This section convers changes that are specific to the FreeBSD Release Engineering processes.
Integration Changes
The default size of virtual machine disk images has been reduced
from 30GB to 3GB. The raw
disk images may be resized
with
truncate(1), after which the growfs
rc(8) script will resize the filesystem within the virtual
machine. Other disk image formats should be resized with the
appropriate tool provided by the hypervisor being used.
(r347037) (Sponsored by The FreeBSD
Foundation)
Last modified on: June 19, 2021 by Danilo G. Baio