FreeBSD 11.0-STABLE Release Notes

The FreeBSD Project

FreeBSD is a registered trademark of the FreeBSD Foundation.

IBM, AIX, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.

IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.

Intel, Celeron, Centrino, Core, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

SPARC, SPARC64, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. SPARC International, Inc owns all of the SPARC trademarks and under licensing agreements allows the proper use of these trademarks by its members.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the ™ or the ® symbol.

Last modified on 2017-06-22 13:31:44 by gjb.

Abstract

The release notes for FreeBSD 11.0-STABLE contain a summary of the changes made to the FreeBSD base system on the 11.0-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.


Table of Contents
1. Introduction
2. Upgrading from Previous Releases of FreeBSD
3. Security and Errata
3.1. Security Advisories
3.2. Errata Notices
4. Userland
4.1. Userland Configuration Changes
4.2. Userland Application Changes
4.3. Contributed Software
4.4. Installation and Configuration Tools
4.5. /etc/rc.d Scripts
4.6. /etc/periodic Scripts
4.7. Runtime Libraries and API
4.8. ABI Compatibility
4.9. Userland Debugging
5. Kernel
5.1. General Kernel Changes
5.2. Kernel Bug Fixes
5.3. Kernel Configuration
5.4. Kernel Modules
5.5. System Tuning and Controls
6. Devices and Drivers
6.1. Device Drivers
6.2. Storage Drivers
6.3. Network Drivers
7. Hardware Support
7.1. Hardware Support
7.2. Virtualization Support
7.3. ARM Support
8. Storage
8.1. General Storage
8.2. Networked Storage
8.3. ZFS
8.4. geom(4)
9. Boot Loader Changes
9.1. Boot Loader Changes
9.2. Boot Menu Changes
10. Networking
10.1. General Network Changes
10.2. Network Protocols
11. Ports Collection and Package Infrastructure
11.1. Infrastructure Changes
11.2. Packaging Changes
12. Documentation
12.1. Documentation Source Changes
12.2. Documentation Toolchain Changes
13. Release Engineering and Integration
13.1. Integration Changes

1. Introduction

This document contains the release notes for FreeBSD 11.0-STABLE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.

The snapshot distribution to which these release notes apply represents a point along the 11.0-STABLE development branch between 11.0-RELEASE and the future 11.1-RELEASE. Information regarding pre-built, binary snapshot distributions along this branch can be found at https://www.FreeBSD.org/snapshots/.

All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 11.0-STABLE can be found on the FreeBSD Web site.

This document describes the most user-visible new or changed features in FreeBSD since 11.0-RELEASE. In general, changes described here are unique to the 11.0-STABLE branch unless specifically marked as MERGED features.

Typical release note items document recent security advisories issued after 11.0-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.

2. Upgrading from Previous Releases of FreeBSD

[amd64,i386] Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.

Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING.

Important:

Upgrading FreeBSD should only be attempted after backing up all data and configuration files.

3. Security and Errata

This section lists the various Security Advisories and Errata Notices since 11.0-RELEASE.

3.1. Security Advisories

Advisory                     Date               Topic
FreeBSD-SA-16:32.bhyve       25 October 2016    Privilege escalation vulnerability
FreeBSD-SA-16:33.openssh     2 November 2016    Remote Denial of Service vulnerability
FreeBSD-SA-16:36.telnetd     6 December 2016    Possible login(1) argument injection
FreeBSD-SA-16:37.libc        6 December 2016    link_ntoa(3) buffer overflow
FreeBSD-SA-16:38.bhyve       6 December 2016    Possible escape from bhyve(8) virtual machine
FreeBSD-SA-16:39.ntp         22 December 2016   Multiple vulnerabilities
FreeBSD-SA-17:01.openssh     10 January 2017    Multiple vulnerabilities
FreeBSD-SA-17:02.openssl     23 February 2017   Multiple vulnerabilities
FreeBSD-SA-17:03.ntp         12 April 2017      Multiple vulnerabilities
FreeBSD-SA-17:04.ipfilter    27 April 2017      Fix fragment handling panic

3.2. Errata Notices

Errata                       Date               Topic
FreeBSD-EN-16:18.loader      25 October 2016    Loader may hang during boot
FreeBSD-EN-16:19.tzcode      6 December 2016    Fix warnings about invalid timezone abbreviations
FreeBSD-EN-16:20.tzdata      6 December 2016    Update timezone database information
FreeBSD-EN-16:21.localedef   6 December 2016    Fix incorrectly defined unicode characters
FreeBSD-EN-17:01.pcie        23 February 2017   Fix system hang when booting when PCI-express HotPlug is enabled
FreeBSD-EN-17:02.yp          23 February 2017   Fix NIS master updates are not pushed to an NIS slave
FreeBSD-EN-17:03.hyperv      23 February 2017   Fix compatibility with Hyper-V/storage after KB3172614 or KB3179574
FreeBSD-EN-17:04.mandoc      23 February 2017   Make makewhatis(1) output reproducible
FreeBSD-EN-17:05.xen         23 February 2017   Xen migration enhancements

4. Userland

This section covers changes and additions to userland applications, contributed software, and system utilities.

4.1. Userland Configuration Changes

The inetd(8) utility is now built without libwrap support when WITHOUT_TCP_WRAPPERS is set in src.conf(5). [r313203]

The libthr(3) library and related files are now evaluated and removed by the delete-old-libs target when upgrading the system if WITHOUT_LIBTHR is set in src.conf(5). [r316045]

The WITH_LLD_AS_LD build knob has been added, which installs LLD as /usr/bin/ld if set. [r316423] (Sponsored by The FreeBSD Foundation)

LLD has been enabled by default and installed as /usr/bin/ld on FreeBSD/arm64. [r318472] (Sponsored by The FreeBSD Foundation)

The WITH_RPCBIND_WARMSTART_SUPPORT src.conf(5) knob has been added, which when enabled allows building rpcbind(8) with warmstart support. [r319244]

4.2. Userland Application Changes

Support for blacklistd(8) has been added to OpenSSH. [r305476] (Sponsored by The FreeBSD Foundation)

The bspatch(1) utility has been updated with capsicum(4) support. [r306213]

The cron(8) utility has been updated to add support for including files within /etc/cron.d and /usr/local/etc/cron.d by default. [r308720] (Sponsored by Gandi.net)

The syslogd(8) utility has been updated to add the include keyword which allows specifying a directory containing configuration files to be included in addition to syslog.conf(5). The default syslog.conf(5) has been updated to include /etc/syslog.d and /usr/local/etc/syslog.d by default. [r308721] (Sponsored by Gandi.net)

The zfsbootcfg(8) utility has been added, providing one-time boot.config(5)-style options for zfsboot(8). [r308914]

The setkey(8) utility has been modified to show the runtime NAT-T configuration. The -g and -t flags have been added, which list only global and virtual policies, respectively, when used with the -D and -P flags. [r315514] (Sponsored by Yandex LLC)

The getaddrinfo(1) utility has been added, ported from NetBSD. [r316098] (Sponsored by Dell EMC)

The jail(8) utility has been updated to allow explicitly-assigned IPv4 and IPv6 addresses to be used within a jail. [r316944] (Sponsored by Multiplay)

The daemon(8) utility has been updated to allow redirecting stdout(4) and stderr(4) output to syslog(3) or to a file. [r317855]

The efivar(8) utility has been added, providing an interface to manage UEFI variables. [r318576] (Sponsored by The FreeBSD Foundation)

The cxgbetool(8) utility has been added, providing command-line access to features and debugging facilities of cxgbe(4) devices. [r319388]

The primes(6) utility now enumerates primes beyond 3825123056546413050, up to a new limit of 2^64 - 1. [r320218]

4.3. Contributed Software

readelf(1) has been updated to report arm program and section header types. [r305837]

The ELF Tool Chain has been updated to upstream revision r3490. [r305844] (Sponsored by The FreeBSD Foundation)

groff(1) has been updated to use the changelog date rather than file modification date in manual pages for build reproducibility. [r307631]

Note:

groff(1) is planned to be deprecated effective FreeBSD 12.0-RELEASE.

unbound(8) has been updated to version 1.5.10. [r307729]

strings(1) has been updated to fix the exit status when multiple files are provided as arguments, and an error is encountered before the last file. [r309125]

makewhatis(1) has been updated to produce build-reproducible output. [r309183] (Sponsored by The FreeBSD Foundation)

Subversion has been updated to version 1.9.5. [r309511]

file(1) has been updated to version 5.29. [r309847]

The amd(8) utility has been updated to version 6.2. [r310490]

The CLDR locales have been updated to version 30.0.3. The unicode locales have been updated to version 9.0.0. [r312336]

xz(1) has been updated to version 5.2.3. [r312517]

tcpdump(1) has been updated to version 4.9.0. [r313537]

zlib(3) has been updated to version 1.2.11. [r313795]

openresolv has been updated to version 3.9.0. [r313980]

The NetBSD test suite has been updated to the 01.11.2017_23.20 snapshot. [r313680]

libucl has been updated to version 20170219. [r314278]

libarchive(3) has been updated to version 3.3.1. [r315432]

dma(8) has been updated to the 2017-02-10 snapshot. [r315995]

ntpd(8) has been updated to version 4.2.8p10. [r316068]

ACPICA has been updated to version 20170303. [r316303]

Timezone data files have been updated to version 2017b. [r316349]

mandoc(1) has been updated to version 1.14. [r316420]

Clang has been updated to version 4.0.0. [r316423]

LLVM has been updated to version 4.0.0. [r316423]

LLD has been updated to version 4.0.0. [r316423]

LLDB has been updated to version 4.0.0. [r316423]

compiler-rt has been updated to version 4.0.0. [r316423]

libc++ has been updated to version 4.0.0. [r316423]

tcsh(1) has been updated to version 6.20.00. [r316957]

blacklistd(8) has been updated to the 20170503 snapshot. [r318239] (Sponsored by The FreeBSD Foundation)

blacklistd(8) support for OpenSSH has been refined to adjust notification points to catch all authentication failures rather than only those caused by invalid login usernames. [r318402] (Sponsored by The FreeBSD Foundation)

byacc(1) has been updated to version 20170201. [r319349]

bmake has been updated to version 20170510. [r319884]

4.4. Installation and Configuration Tools

The installer, bsdinstall(8), has been updated to include support for hidden wireless networks when configuring the wlan(4) interface. [r311686]

The default EFI partition created by bsdinstall(8) has been increased from 800KB to 200MB. [r320088] (Sponsored by The FreeBSD Foundation)

4.5. /etc/rc.d Scripts

The jail_confwarn rc.conf(5) entry has been added, which suppresses warnings about obsolete per-jail(8) configurations. [r310009] (Sponsored by FIS Global, Inc.)

4.6. /etc/periodic Scripts

The default periodic.conf(5) has been updated to include the anticongestion_sleeptime option, consolidating random sleeps in periodic(8) scripts and replacing the daily_ntpd_avoid_congestion option. The default value is 3600 seconds. [r317373]

The 410.status-mfi periodic(8) script has been added to monitor the status of mfi(4) volumes. [r317857]

4.7. Runtime Libraries and API

The libmd library has been updated to introduce functions that operate on fd(4) instead of filename. [r310372]

The kvm_close(3) function has been updated to return the accumulated error from previous close(2) calls. [r316039]

The C standard library has been updated to make use of reallocarray(3) for bounds checking. [r316613]

The clock_nanosleep() system call has been added. The nanosleep() system call is now a wrapper around clock_nanosleep(). [r317618] (Sponsored by Dell EMC)

The system libraries have been updated to make use of reallocarray(3) for bounds checking. [r318121]
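
The bounds check that the reallocarray(3) items above refer to, shown against the unchecked realloc(p, n * size) idiom. This is an added example, not FreeBSD source code: checked_reallocarray() is a hypothetical portable stand-in for reallocarray(3), and struct record, unchecked_product() and grow_table() are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Hypothetical stand-in for reallocarray(3): refuse the request when
 * nmemb * size does not fit in size_t instead of letting it wrap.
 */
static void *checked_reallocarray(void *ptr, size_t nmemb, size_t size)
{
    if (size != 0 && nmemb > SIZE_MAX / size) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(ptr, nmemb * size);
}

/* Byte count the unchecked idiom realloc(p, nmemb * size) would request. */
static size_t unchecked_product(size_t nmemb, size_t size)
{
    return nmemb * size; /* wraps silently modulo SIZE_MAX + 1 */
}

/* Constructed record type: 4 + 28 = 32 bytes. */
struct record {
    uint32_t id;
    char name[28];
};

/*
 * Grow a table to `count` records, where `count` may come from untrusted
 * input such as a length field in a file header. Returns 0 on success and
 * -1 on failure; on failure *tab is left untouched and still valid.
 */
static int grow_table(struct record **tab, size_t count)
{
    struct record *grown;

    if (count == 0)
        return -1;
    grown = checked_reallocarray(*tab, count, sizeof(**tab));
    if (grown == NULL)
        return -1;
    *tab = grown;
    return 0;
}

int main(void)
{
    struct record *tab = NULL;
    /* Constructed hostile count: the byte total wraps to one record. */
    size_t hostile = SIZE_MAX / sizeof(struct record) + 2;

    printf("unchecked request for %zu records: %zu bytes\n",
        hostile, unchecked_product(hostile, sizeof(struct record)));

    if (grow_table(&tab, 4) == 0)
        printf("4 records: allocated\n");
    if (grow_table(&tab, hostile) != 0)
        printf("hostile count: rejected (errno=%d)\n", errno);

    free(tab);
    return 0;
}
```

With the unchecked idiom the hostile count yields a 32-byte buffer that the caller believes holds billions of records, so later indexed writes run off the end of the heap allocation; the checked form fails the allocation instead.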

4.8. ABI Compatibility

The type max_align_t is now defined for C11 compliance. [r309258]

The sem_clockwait_np() library function has been added, which allows the caller to specify the reference clock and choose between absolute and relative mode. [r315274] (Sponsored by Dell EMC)

The clang nullability qualifiers have been added to the C library headers. [r315282]

Uses of the GNU __nonnull__ attribute have been replaced with the more benign Clang nullability attributes. [r315282]

4.9. Userland Debugging

ptrace(2) now supports events for vfork(2), permitting reliable debugging across vfork(2) invocations. [r304499]

Process core dumps now include the process ID (PID) and command line arguments. [r306786]

5. Kernel

This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.

5.1. General Kernel Changes

The getdtablesize(2) system call is now permitted in capability mode. [r305514]

The kern.proc.nfds sysctl(8) is now permitted in capability mode. [r305516]

The sys/conf/newvers.sh script has been updated with an option to exclude build-specific metadata from the kernel for build reproducibility. [r312249]

5.2. Kernel Bug Fixes

The ipf(4) packet filter has been updated to prevent keep state from incorrectly implying keep frags, matching the behavior documented in ipf(5). [r317434]

5.3. Kernel Configuration

The WITH_REPRODUCIBLE_BUILD src.conf(5) knob has been added, which when set, excludes build-specific metadata from the kernel, for build reproducibility. [r312730]

Support for NAT-T is now enabled by default. The IPSEC_NAT_T kernel configuration option has been removed. [r315514] (Sponsored by Yandex LLC)

The IPSEC_FILTERTUNNEL kernel option has been removed, which was deprecated by the net.inet.ipsec.filtertunnel sysctl. [r315514] (Sponsored by Yandex LLC)

The EARLY_AP_STARTUP option has been enabled by default on amd64 and i386 architectures, which when enabled releases Application Processors (APs) earlier in the kernel startup process. [r318763]

5.4. Kernel Modules

cloudabi(4) has been updated to allow running 32-bit binaries within 64-bit userland environments when the kernel configuration file has the COMPAT_CLOUDABI32 option present. [r307144]

The ipsec and tcpmd5 kernel modules have been added. [r315514] (Sponsored by Yandex LLC)

Note:

Following the addition of the tcpmd5 module, it is now necessary to have a security association (SA) entry for both inbound and outbound directions.

The ipfw(4) packet filter has been updated to add support for named dynamic states. [r316274] (Sponsored by Yandex LLC)

The ipfw_nptv6 kernel module has been added, implementing Network Prefix Translation for IPv6 as defined in RFC 6296. [r316444] (Sponsored by Yandex LLC)

The ipfw_nat64 kernel module has been added, implementing stateless and stateful NAT64. [r316446] (Sponsored by Yandex LLC)

The cfumass(4) device has been added, providing a storage frontend to USB OTG-capable hardware. [r316660] (Sponsored by The FreeBSD Foundation)

The ipfw_pmod kernel module has been added, designed for modifying packets of any protocol. [r317045] (Sponsored by Yandex LLC)

Note:

At present, only TCP MSS modification is implemented.

5.5. System Tuning and Controls

The vfs.root_mount_always_wait tunable has been added, which forces the kernel to wait for root mount holds even if the root device is already present. [r315539]

When the system real time clock (RTC) is adjusted, such as by clock_settime(), sleeping threads are now awakened and absolute sleep times are reevaluated based on the new value of the RTC. [r316120] (Sponsored by Dell EMC)

6. Devices and Drivers

This section covers changes and additions to devices and device drivers since 11.0-RELEASE.

6.1. Device Drivers

The jedec_ts(4) driver has been added, providing support for thermal sensors on memory modules. The driver currently supports chips that are fully compliant with the JEDEC JC 42.4 specification. [r307768]

The chromebook_platform(4) driver has been added, providing support for various Chromebook models. [r308104]

The bytgpio(4) driver has been added, providing support for Intel® Bay Trail™ SoC GPIO controllers. [r308942]

/dev/kmem no longer supports access via mmap(). Consumers wishing to use /dev/kmem must use read() and write(). [r312394]

devctl(8) now supports a "clear driver" command as a complement to "set driver". [r306533] (Sponsored by Chelsio Communications)

6.2. Storage Drivers

The mpr(4) driver has been updated to support tri-mode (SAS/SATA/PCIe) Broadcom® storage adapters. [r319435]

6.3. Network Drivers

The cxgbe(4) driver has been updated to provide support for Virtual Function devices (VFs) on Chelsio T4 and T5 adapters. [r306660] (Sponsored by Chelsio Communications)

TCP connections using the TCP Offload Engine (TOE) on Chelsio T4+ adapters can now perform zero-copy sends via aio_write(). [r306661] (Sponsored by Chelsio Communications)

The cxgbev(4) driver has been added, providing support for Virtual Function devices (VFs) on Chelsio T4 and T5 adapters. [r306664] (Sponsored by Chelsio Communications)

The bnxt(4) driver has been added, providing support for Broadcom® NetXtreme-C™ and NetXtreme-E™ devices. [r309377] (Sponsored by Broadcom Limited)

The cxgbe(4) driver now supports devices using T6-based adapters which support 10, 25, 40, and 100 Gbps. [r309560] (Sponsored by Chelsio Communications)

The cxgbe(4) driver has been updated to provide support for Virtual Function devices (VFs) on Chelsio T6 adapters. [r309560] (Sponsored by Chelsio Communications)

The cxgbev(4) driver has been updated to provide support for Virtual Function devices (VFs) on Chelsio T6 adapters. [r309560] (Sponsored by Chelsio Communications)

The miibus(4) driver has been updated to support Microchip/Micrel KSZ9031 Gigabit ethernet cards. [r310852] (Sponsored by Rubicon Communications, LLC (Netgate))

The alc(4) driver has been updated to provide support for Atheros® Killer E2400™ Gigabit ethernet cards. [r312358]

The alc(4) driver has been updated to provide support for Atheros® Killer E2500™ Gigabit ethernet cards. [r314005] (Sponsored by Microsoft)

The etherswitch(4) driver has been updated to support RTL8366RB and RTL8366SR cards. [r315330] (Sponsored by Rubicon Communications, LLC (Netgate))

The if_ipsec(4) virtual tunneling interface has been added, implementing route-based VPNs protected with Encapsulating Security Payload (ESP). [r315514] (Sponsored by Yandex LLC)

The qlnxe(4) driver has been added, providing support for Cavium® Qlogic™ 45000 Series adapters. [r317116]

The qlxgbe(4) firmware has been updated to version 5.4.64. [r317182]

The ixl(4) driver has been updated to version 1.7.12-k. [r318357] (Sponsored by Intel Corporation)

The cxgbe(4) driver has been updated to firmware version 1.16.45.0 for T4, T5, and T6 cards. [r319269] (Sponsored by Chelsio Communications)

The qlnxe(4) driver has been updated to support QLE41XXX hardware. [r320164]

The qlnxe(4) driver firmware has been updated to version 8.30.0.0. [r320164]

7. Hardware Support

This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document.

7.1. Hardware Support

The atkbdc(4) driver has been updated to provide support for Elantech® trackpads. To enable hardware support, add hw.psm.elantech_support=1 to loader.conf(5). [r307576]

7.2. Virtualization Support

PCI passthrough with bhyve(4) supports more dynamic configurations permitting devices to be marked for passthrough or host use at runtime. [r306471] (Sponsored by Chelsio Communications)

PCI passthrough with bhyve(4) resets functions via FLR when a virtual machine is started and stopped. [r306520] (Sponsored by Chelsio Communications)

PCI passthrough support has been enabled on FreeBSD virtual machines running on Microsoft® Hyper-V™. [r309312] (Sponsored by Microsoft)

The hv_netvsc(4) driver SR-IOV implementation has been updated to support Virtual Function (VF) devices, such as the Mellanox® Connect-X3™ network card. [r314091] (Sponsored by Microsoft)

Support for Microsoft® Hyper-V™ Generation 2 virtual machines has been added. [r316272] (Sponsored by Microsoft)

Support for synthetic keyboards has been added for virtual machines running on Microsoft® Hyper-V™. [r317119] (Sponsored by Microsoft)

The FreeBSD virtual machines provided on Amazon® EC2™ now enable IPv6 by default. [r312790]

7.3. ARM Support

Support for the Allwinner A13 board has been added. [r305436]

8. Storage

This section covers changes and additions to file systems and other storage subsystems, both local and networked.

8.1. General Storage

 

8.2. Networked Storage

The NFS client now properly handles NFS4ERR_BAD_SESSION errors received from an NFS server. Additionally, the kernel RPC client has been updated to prevent creating new TCP connections when ERESTART is received from sosend(9). [r318660]

The NFS client now supports the Amazon® Elastic File System™ (EFS). [r318660]

8.3. ZFS

The vfs.zfs.debug_flags sysctl(8) has been deprecated in favor of vfs.zfs.debugflags. Additionally, vfs.zfs.debugflags can now be configured in loader.conf(5), whereas vfs.zfs.debug_flags could not. [r318785]

8.4. geom(4)

 

9. Boot Loader Changes

This section covers the boot loader, boot menu, and other boot-related changes.

9.1. Boot Loader Changes

The UEFI boot loader has been updated for build reproducibility. [r305845] (Sponsored by The FreeBSD Foundation)

The EFI loader has been updated to support TFTPFS, providing netboot support without requiring an NFS server. [r307632] (Sponsored by Gandi.net)

9.2. Boot Menu Changes

 

10. Networking

This section describes changes that affect networking in FreeBSD.

10.1. General Network Changes

The network stack has been updated to include ip6_tryforward(), providing performance benefits as a result of a reduced number of checks. [r311681] (Sponsored by Yandex LLC)

The network stack has been modified to fix incorrect or invalid IP addresses if multiple threads emit a UDP log_in_vain message concurrently. [r313523] (Sponsored by Dell EMC)

The TCP stack has been changed to use the estimated RTT instead of timestamps for receive buffer auto resizing. [r317386] (Sponsored by Multiplay)

10.2. Network Protocols

Support for GARP (gratuitous ARP) retransmit has been added. A new sysctl(8), net.link.ether.inet.garp_rexmit_count, has been added, which sets the maximum number of retransmissions when set to a non-zero value. [r309337] (Sponsored by Dell EMC)

Support for the UDP_ENCAP_ESPINUDP_NON_IKE encapsulation type has been removed. [r315514] (Sponsored by Yandex LLC)

11. Ports Collection and Package Infrastructure

This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools.

11.1. Infrastructure Changes

 

11.2. Packaging Changes

 

12. Documentation

This section covers changes to the FreeBSD Documentation Project sources and toolchain.

12.1. Documentation Source Changes

 

12.2. Documentation Toolchain Changes

 

13. Release Engineering and Integration

This section covers changes that are specific to the FreeBSD Release Engineering processes.

13.1. Integration Changes

 

This file, and other release-related documents, can be downloaded from https://www.FreeBSD.org/snapshots/.

For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.

All users of FreeBSD 11.0-STABLE should subscribe to the <stable@FreeBSD.org> mailing list.

For questions about this documentation, e-mail <doc@FreeBSD.org>.