FreeBSD The Power to Serve

FreeBSD 12.4-RELEASE Release Notes

Abstract

The release notes for FreeBSD 12.4-RELEASE contain a summary of the changes made to the FreeBSD base system on the 12-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.

Introduction

This document contains the release notes for FreeBSD 12.4-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.

The release distribution to which these release notes apply represents the latest point along the 12-STABLE development branch since 12-STABLE was created. Information regarding pre-built, binary release distributions along this branch can be found at https://www.FreeBSD.org/releases/.

The release distribution to which these release notes apply represents a point along the 12-STABLE development branch since 12.3-RELEASE. The 12.4-RELEASE is expected to be the final release from the 12-STABLE branch. Information regarding pre-built, binary release distributions along this branch can be found at https://www.FreeBSD.org/releases/.

This distribution of FreeBSD 12.4-RELEASE is a release distribution. It can be found at https://www.FreeBSD.org/releases/ or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the Obtaining FreeBSD appendix to the FreeBSD Handbook.

All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 12.4-RELEASE can be found on the FreeBSD Web site.

This document describes the most user-visible new or changed features in FreeBSD since 12.3-RELEASE. In general, changes described here are unique to the 12-STABLE branch unless specifically marked as MERGED features.

Typical release note items document recent security advisories issued after 12.3-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.

Upgrading from Previous Releases of FreeBSD

Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.

Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING.

Upgrading FreeBSD should only be attempted after backing up all data and configuration files.

Security and Errata

This section lists the various Security Advisories and Errata Notices since 12.3-RELEASE.

Security Advisories

Advisory Date Topic

FreeBSD-SA-22:02.wifi

15 March 2022

Multiple WiFi issues

FreeBSD-SA-22:03.openssl

15 March 2022

OpenSSL certificate parsing infinite loop

FreeBSD-SA-22:04.netmap

6 April 2022

Potential jail escape vulnerabilities in netmap

FreeBSD-SA-22:05.bhyve

6 April 2022

Bhyve e82545 device emulation out-of-bounds write

FreeBSD-SA-22:06.ioctl

6 April 2022

mpr/mps/mpt driver ioctl heap out-of-bounds write

FreeBSD-SA-22:07.wifi_meshid

6 April 2022

802.11 heap buffer overflow

FreeBSD-SA-22:08.zlib

6 April 2022

zlib compression out-of-bounds write

FreeBSD-SA-22:09.elf

9 August 2022

Out of bound read in elf_note_prpsinfo()

FreeBSD-SA-22:10.aio

9 August 2022

AIO credential reference count leak

FreeBSD-SA-22:11.vm

9 August 2022

Memory disclosure by stale virtual memory mapping

FreeBSD-SA-22:13.zlib

30 August 2022

zlib heap buffer overflow

FreeBSD-SA-22:14.heimdal

29 November 2022 (revised)

Multiple vulnerabilities in Heimdal

FreeBSD-SA-22:15.ping

29 November 2022

Stack overflow in ping(8)

Errata Notices

Errata Date Topic

FreeBSD-EN-22:02.xsave

11 January 2022

Incorrect XSAVE state size

FreeBSD-EN-22:03.hyperv

11 January 2022

vPCI compatibility improvements with certain Hyper-V releases

FreeBSD-EN-22:04.pcid

11 January 2022

Incorrect PCID mode invalidations

FreeBSD-EN-22:06.libalias

11 January 2022

Incorrect fragmented IPv4 packet handling in libalias

FreeBSD-EN-22:08.i386

1 February 2022

Regression in i386 TLB invalidation logic

FreeBSD-EN-22:09.freebsd-update

15 March 2022

freebsd-update creating erroneous boot environments

FreeBSD-EN-22:14.tzdata

22 March 2022

Timezone database information update

FreeBSD-EN-22:17.cam

9 August 2022

Kernel memory corruption during SCSI error recovery

FreeBSD-EN-22:20.tzdata

30 August 2022

Timezone database information update

FreeBSD-EN-22:22.tzdata

1 November 2022

Timezone database information update

FreeBSD-EN-22:28.heimdal

29 November 2022

Regression in Heimdal KDC

Userland

This section covers changes and additions to userland applications, contributed software, and system utilities.

Userland Application Changes

The ar(1) utility does not overwrite the stdout stream pointer to make it compatible with the musl library. It also deprecates the -T flag. 21a6c9bd6f2f (Sponsored by The FreeBSD Foundation)

The cp(1) utility will detect infinite recursion caused by -R flag and squash it. b57954717ddf a605ca25ef68 (Sponsored by Klara, Inc.)

The cp(1) utility will honor properly -H, -L and -P flags. Notably, it will not resolve symlinks encountered during traversal when either -H or -P are specified. 1d9f60b05128 (Sponsored by Klara, Inc.)

The cp(1) utility will allow -P working without -R as per POSIX. 19413ce66cc0

The df(1) utility will now support using -l and -t flags together. If both are specified, the parameter list of the -t option is applied on top of the selection of local file systems. 741b90dc69ee

The elfctl(1) utility will avoid touching files if no changes are made. e048bd5c0954 (Sponsored by The FreeBSD Foundation)

The elfctl(1) utility will detect if host endianness is different from target endianness and swap byte order of ELF note fields instead of failing. c7d961a39893 (Sponsored by Stormshield)

The elfctl(1) utility had some improvements to the manual page. f3cdcf235966 (Sponsored by The FreeBSD Foundation)

The elfctl(1) utility had a number of bugs fixed involving operations with multiple features on multiple files, -e being specified multiple times and error handling for the -e flag. bbb92ab05fa2 a528bad95e0c d3cbb4745a13 (Sponsored by The FreeBSD Foundation)

The fsck_ufs(8) utility had a segfault bug fixed when using with gjournal(8). f8145bd4bcc0

The growfs(8) utility will not error if the file system is already the requested size. 11f45b8f8009 (Sponsored by The FreeBSD Foundation)

The nfsd(8) utility had a number of sanity checks added. 0f2244008573 b5c577931db1 5ad7804beb38 c0ea059da22f

The nfsd(8) utility had a bug fixed when verifying for attributes like FilesAvail. b386392ea909

The nfsd(8) utility had a bug fixed regarding session slot freeing for NFSv4.1/4.2 81091a7ca11a

The nfsd(8) utility had a bug fixed when handling of Open/Create for the pNFS server. d5c176ad6a7b

The sh(1) utility will now read more profile files. It will load each .sh file in /etc/profile.d, then /usr/local/etc/profile, then each .sh file in /usr/local/etc/profile.d/. 73ab1c87c208

The usbconfig(8) utility will use getopt(3) to handle options. 081853844bd4

The usbconfig(8) utility had its documentation improved. 940db7edacb2

The usbconfig(8) utility has been improved by adding a -v flag. bb0b7f405138 1cab5dac1c2d

Contributed Software

The blacklistd(8) daemon will now handle 0-sized messages. 5f7ae464db5b

The dma(8) utility has been updated to snapshot 2022-01-27. 27941a274ebf

The dma(8) mail agent will now exit if invoked with invalid (zero) argc. 647d3bf17cd9 (Sponsored by The FreeBSD Foundation)

The dma(8) mail agent will now limit lines to 998 characters, as per RFC2822. 5c1ee92b0eba (Sponsored by The FreeBSD Foundation)

The expat C library for parsing XML has been updated to version 2.4.9. 8a7b2fbbaae4

The file(1) utility has been updated to version 5.43. 91f1a04f9baa

The libarchive(3) library has been updated to version 3.6.0. bbc312a1ec99

The LLVM toolchain suite has been updated to version 13.0.0. 838e2fa19531

The mandoc(1) utility has been updated to version 1.14.6. 6ec92eb155fb

OpenBSM had a bug fixed about free() in au_read_rec error case. 990aa6476eec

OpenSSL has been updated to 1.1.1q. c83325e95a98

OpenSSH has been updated to 9.1p1. 50cb877af1fb (Sponsored by The FreeBSD Foundation)

The sendmail(8) mail transport agent had a bug fixed about authentication with cyrus-sasl-2.1.28. 1ccfac2381c3 (Sponsored by The FreeBSD Foundation)

The sqlite3(1) utility has been updated to version 3.39.3. 25fd07c106d8

The telnet(1) utility now silently ignores invalid set ' ' and invalid help help commands instead of having a segmentation fault. eeadef8fd523

The telnet(1) utility had CVE-2020-39028 fixed. f2aa49e7fda5

The telnet(1) utility had CVE-2020-10188 fixed. 229863871f52

The telnetd(8) daemon has been deprecated. 616b1b813891

The tcpdump(1) utility now allow users to set a number on rules which will be exposed as part of the pflog header. 7f944794868f (Sponsored by Rubicon Communications, LLC ("Netgate"))

The tzdata information was updated to correct DST (Daylight Savings Time) in Fiji and Palestine. 74a0f31dbbd0 89e293e5dcb4

The tzdata 2022f was imported into the tree. df5c24d59089

The unbound(8) utility has been updated to version 1.16.3. 51206a8d11ae

wpa has been updated to version 2.10. This includes hostapd 2.10. ea5113953168

Kernel

This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.

General Kernel Changes

The hwpmc(4) framework had a counter/interrupt state initialization bug fixed for arm64. c8a4404da737 (Sponsored by The FreeBSD Foundation)

The hwpmc(4) framework has added IDs for Intel Comet/Ice/Tiger/Rocketlake CPUs. d2138bddf3ec

The iflib(4) network interface had some data races that produced crashes on VMWare guests using the vmxnet3 driver fixed. f43d2e1199b9

The iflib(4) network interface had the vlan processing in the drivers fixed. cf101bd5ceeb

The iflib(4) network interface driver framework had a lock order reversal (LOR) fixed. ea25a6af57e0

The net80211(4) interface had some mitigations included agains A-MSDU design flaws (CVE-2020-24588). 76ee776f4d9f

The net80211(4) interface will now reject mixed plaintext/encrypted fragments (CVE-2020-26147). 00cd5a2f614a

The net80211(4) interface will now prevent plaintext injection by A-MSDU RFC1042/EAPOL frames (CVE-2020-26144). 2d09e4366b67

The net80211(4) interface has improved several validations including SSID length and Mesh ID length. f4d0e8787a09 e7c990ba3f8d

The pf(4) framework now ensures the correct source/destination IP address in ICMP errors. a50876f0ac7a (Sponsored by Rubicon Communications, LLC ("Netgate"))

The pf(4) framework had some memory leaks fixed. 329c9b9da592

The pf(4) framework provides improved route-to handling of pfsync(4)'d states. 592b4f93632a (Sponsored by Orange Business Services)

The sched_ule(4) scheduler had a bug fixed about a loss of significance when setting kern.sched.interact above 32. b7eded5ea1f1

The vm subsystem had a problem fixed that broke the vm reservation when it was mistakenly unable to provide a satisfactory set of pages. 46549e319c52

Images for installation from DVD have fixes to symbolic links, for easier use of on-disc packages. 7b05f19e9708 (Sponsored by Rubicon Communications, LLC ("Netgate"))

Devices and Drivers

Device Drivers

The aesni(4) driver for the AES and SHA accelerator on x86 CPUs had a bug fixed about a potential out-of-bounds access. 83d0a7763a92 (Sponsored by The FreeBSD Foundation)

The aw_spi(4) driver for the SPI controller in Allwinner SoC has improved I/O stability regarding TX FIFO underruns and RX FIFO overflows. 1e7b0dc00076

The carp(4) protocol now gracefully deals with negative values of net.inet.carp.demotion. 1c16de99bd7d (Sponsored by Modirum MDPay)

The ena(4) kernel driver has been updated to 2.6.1. 1a97579ae67a (Sponsored by Amazon, Inc.)

The if_epair(4) driver now allows multiple cores to be used to process traffic to improve performance. 092da35a0d80 (Sponsored by Orange Business Services)

The if_gif(4) tunnel interface had a panic on shutdown fixed. b4a51fd9c124 (Sponsored by Rubicon Communications, LLC ("Netgate"))

The if_pflog(4) device had a bug fixed regarding packet length. d41caea44ba9 (Sponsored by Rubicon Communications, LLC ("Netgate"))

The if_vlan(4) network interface had a bug fixed that avoids hash table thrashing when adding and removing entries. a5f19abeb719 (Sponsored by NetApp, Inc.)

The igc(4) Ethernet controller had a bug that prevented to correctly update RCTL when changing filters. 73e1138208a5

The ixl(4) driver had some fixes for VLAN HW filtering. 83ca71099913

The ixl(4) driver had some panics fixed. 749c7da9b9b4

The mpr(4) had a panic fixed during firmware update. 956f15e74d66

The mpr(4) and mps(4) drivers had a more robust device mapping implemented. 9d842d84f49a (Sponsored by iXsystems, Inc.)

The ocs_fc(4) device driver had a memory leak fixed. 12e6cbd15853

The ocs_fc(4) device driver had two use-after-free bugs fixed. 241d13765504 fa3e66e9f7cd

The ocs_fc(4) device driver had a possible null pointer dereference fixed. 9199f5e0ba5c

The pfsync(4) pseudo-device had some locking bugs fixed. 7164b77ce2f3 (Sponsored by Rubicon Communications, LLC ("Netgate"))

The pfsync(4) pseudo-device had some NULL check bugs fixed. bbbe18b31795 f3b722fed330 (Sponsored by Rubicon Communications, LLC ("Netgate"))

The pfsync(4) pseudo-device had a defer mode bug fixed. c36006be5424 (Sponsored by Rubicon Communications, LLC ("Netgate"))

The random(4) driver on x86 will now prefer RDSEED over RDRAND when available as per Intel documentation. a68e606c402e

The random(4) device had some improvements that now make entropy sources deregistration-safe. 7878a69e0415

The rk_i2c(4) driver had a number of improvements including the increasing of the number of bytes that can be sent to 32. 342d73431ee5

The snd_uaudio(4) USB audio and MIDI driver had some string computations for iFeature fixed. 43a03be0bb50 (Sponsored by NVIDIA Networking)

The usb(4) driver had a use-after-free bug fixed. bb9bee1ffbb2 (Sponsored by NVIDIA Networking)

The vt(4) virtual terminal console driver had a bug fixed regarding double-click word selection for first/last word on line. caeade0e00d5 (Sponsored by The FreeBSD Foundation)

The vt(4) virtual terminal console driver had a bug fixed about color in pixel blocks with more than 4 colors. 4e4e477d89fd (Sponsored by The FreeBSD Foundation)

Storage

This section covers changes and additions to file systems and other storage subsystems, both local and networked.

General Storage

The fusefs(5) file system in userspace had a race condition fixed. c85846ea3ea5

The fusefs(5) file system in userspace had a couple of bugs regarding VOP_RECLAIM fixed. 4d5fb17274aa

The fusefs(5) file system had an undefined variable access fixed. 20004b265add (Sponsored by Axcient)

The NFS client code had a forced dismount looping fixed. 00e9bc2d937f

The NFS client code had a number of bug fixes including two use-after-free bugs. 04c2ce41e3fc 22d6238a0473

The NFS client code had a race condition fixed. ca826694e3b0

Boot Loader Changes

This section covers the boot loader, boot menu, and other boot-related changes.

Boot Loader Changes

Networking

This section describes changes that affect networking in FreeBSD.

General Network

The dummynet(4) system facility had an out-of-bounds bug fixed. 55351c2620c5 (Sponsored by The FreeBSD Foundation)

The dummynet(4) system facility had a bug regarding the validation of the length of socket options fixed. 3f22f161b936 (Sponsored by The FreeBSD Foundation)

The ipfilter(4) packet filter added the DT5 and SDT dtrace(1) probes. 67b86b71c19c 09aa9a1f82bf

From now on, to improve security, ipfilter(4) only allows jails to manipulate ipfilter rules, NAT tables, and ippools if the jail has its own VNET. ed86cf0121f9

The ipfilter(4) packet filter has now the ability to dump a copy of ippool in ippool.conf format. 95dfabe85a54

The netmap(4) framework had a bug regarding an integer overflow fixed (CVE-2022-23085). 95602165e33a

The netmap(4) framework had a fix for a TOCTOU vulnerability (CVE-2022-23084). 6fa8af618475


Last modified on: December 17, 2022 by Danilo G. Baio